28,661 questions
What is the difference between ContiCrypt, Conti and CONTI in the naming of Microsoft Defender Antivirus?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 77%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
Frank
0
Reputation points
Conti is a ransomware family which encrypts the files on the system once the malicious file is executed. Microsoft Defender Antivirus names the malware according to this post. However, for the Conti malware family, I found 3 different names for this ransomware and I was wondering if there is a difference in them or if it's the same family.
Within the same family, the difference is already made between variants and even further using suffixes, so I was wondering if these are completely different families on their own. As the title says, the malware families in question are:
- ContiCrypt
- Conti
- CONTI
Some examples of names I have received from Defender:
- Ransom:Win32/ContiCrypt.MFP!MTB
- Ransom:Win32/Conti.AD!MTB
- Ransom:Win32/CONTI.DC!MTB
I'm currently researching the differences between different variants of the same malware family and was using Defender to check for true and false positives. However, I could not find any general information or list of existing malware families in Defender's database, which led me to this forum.
Thanks a lot in advance!
Kind regards,
Frank
Windows for business | Windows Client for IT Pros | User experience | Other
Sign in to answer