BleepingComputer

@BleepinComputer

Breaking cybersecurity and technology news, guides, and tutorials that help you get the most from your computer. DMs are open, so send us those tips!

23-06-2009 16:41:34

31,2K Tweets

211,9K Followers

175 Following

Since December 2019, BleepingComputer has been monitoring the steady trickle of victims for an enterprise-targeting ransomware known as Conti. In June 2020, the victims started coming in at a more rapid pace, as shown by the submission to ID Ransomware.


Advanced Intel's Vitali Kremez has told BleepingComputer that Conti and Ryuk share similar code and that Conti is believed to be based off of Ryuk version 2.


It is not known if the Ryuk threat actors decided to splinter, re-brand, or transition to “Conti”, but one of the Conti ransom notes seen by BleepingComputer is an exact match for a Ryuk note used in attacks in 2018.
bleepingcomputer.com/news/security/…


Furthermore, Kremez has told BleepingComputer that the same TrickBot infrastructure is being used by both Ryuk and the Conti threat actors as part of their ransomware attacks.


Conti uses 32 threads, where each thread encrypts a different file, in order to speed up the encryption of a device. In our tests, while definitely faster, this does increase CPU utilization and disk usage, which has a noticeable effect on the performance of the machine.
