Conti ransomware operators have “earned” at least $25.5 million since July 2021


Experts at the Swiss information security company Prodaft have calculated that over the past five months, Conti ransomware operators have earned at least $25.5 million from their attacks.

The company said it has partnered with blockchain analysts at Elliptic to track 113 cryptocurrency addresses and over 500 bitcoins that Conti operators have collected from their victims over the past five months. This data is the first and only attempt to measure Conti’s earnings to date.

Experts at Prodaft and Elliptic say they recorded several transactions in which $6.2 million of Conti’s profits was split off and sent to a so-called “consolidation wallet.” The discovery of this wallet is good news, as it could become a target for law enforcement and allow the authorities to confiscate a significant portion of the hack group’s profits, as the US Justice Department previously did with one of REvil’s partners.

However, Prodaft notes that Conti’s operators manage the consolidation wallet themselves, and the group’s partners are not involved. They usually launder profits through shadow exchanges, Wasabi, and through Russian-language marketplaces like Hydra.

“In August 2021, 0.07 bitcoin was sent from this cluster to a well-known exchange known to be used by ransomware groups. In addition, Conti has not attempted to cash out or exchange the received Bitcoins from this cluster. The group’s activity indicates that the remaining 123.06 bitcoins are currently held in an unhosted wallet,” the researchers write.

In addition, the researchers said they also tracked ransom payments and how the group distributed profits to its partners.

“One cluster was identified that was receiving payments from Conti and DarkSide, which may indicate that this is an individual who worked as a partner of both of these groups.”

It is worth pointing out that after ransomware operations such as Avaddon, REvil, DarkSide and BlackMatter shut down, the Conti group, along with LockBit, became the most active RaaS platforms in the world. This explains the interest in these hackers from both information security experts and special services.
