In part of a three-part series, of Sophos write:
For the past several months, both SophosLabs and the Sophos Rapid Response team have been collaborating on detection and behavioral analysis of a ransomware that emerged last year and has undergone rapid growth. The ransomware, which calls itself Conti, is delivered at the end of a series of Cobalt Strike/meterpreter payloads that use reflective DLL injection techniques to push the malware directly into memory.
Read more on Sophos.
Related: A Conti ransomware attack day-by-day
Related: What to expect when you’ve been hit with Conti ransomware