Conti ransomware stops working and splits into several groups


Experts report that the Conti ransomware group has ceased operations, its infrastructure is disabled, and the leaders of the group have said that the brand is no more.

One of the first to notice the change was Yelisey Boguslavsky of Advanced Intel, who tweeted that the group’s internal infrastructure had been shut down. According to him, other internal services of the group, such as chat servers, are also being decommissioned.

Bleeping Computer writes that, at the same time, the public leak site “Conti News” and the ransom negotiation site are still available, but Boguslavsky explained to reporters that the Tor administrative panels the hackers use to negotiate and to publish news on the site are already disabled.

Although Conti recently carried out a high-profile attack on Costa Rica, Boguslavsky believes it was done as a distraction while Conti members slowly migrated to other, smaller extortion groups.

Conti threatens the government of Costa Rica

“The only goal that Conti wanted to achieve with the latest attack was to use the platform as a tool for advertising, arrange their own “death”, and then be reborn in the most plausible way.

The secret purpose of the attack on Costa Rica, which was proclaimed by the internal leadership of Conti, was publicity, not ransom. Internal correspondence between members of the group indicates that the ransom requested was well under $1 million (despite rumors that the group was asking for a $10 million ransom and Conti’s own claims that the ransom was $20 million),” say Advanced Intel experts.

Although the Conti brand no longer exists, experts are confident that this crime syndicate will play an important role in the extortion industry for a long time to come. Boguslavsky believes that instead of the rebranding that is traditional for hack groups (and the subsequent transformation into a new group), Conti’s leadership is collaborating with other, smaller ransomware groups to carry out attacks.

As part of this “partnership”, small hack groups receive an influx of experienced pentesters, negotiators and operators from among Conti members. And the Conti syndicate, dividing into smaller “cells” controlled by a single leadership, gets mobility and the ability to evade the attention of law enforcement agencies.

According to the researchers, Conti cooperates in this way with groups including HelloKitty, AvosLocker, Hive, BlackCat, BlackByte and others. Advanced Intel also believes that members of Conti have created a number of new, autonomous groups that are completely focused on stealing data, not encrypting it. These groups include Karakurt, BlackByte and Bazarcall.
