June 30, 2022

TheCyberThrone

Thinking Security ! Always

Conti Shuts Down Its Operations

The Conti ransomware operation has become toxic due to its affiliation with the Russian government. It was a highly successful operation that helped cybercriminals make billions after each breach of major organizations.

The Conti brand’s downfall appears to have started when it pledged its support for the Russian government and threatened to attack the critical infrastructure of its enemies. Those stances created a stir, which led to source code and chat histories being leaked publicly.

Russia’s war against Ukraine drew significant sanctions from the West, meaning that any payment made to the cybercriminals could be considered a payment to Russia and implicitly a violation of sanctions.

While Conti has become a toxic brand, the operation was too big and too profitable to scrap completely. Conti leadership decided that instead of suddenly disappearing (REvil tried that approach, and it did not go well), they would gradually shift to a new strategy, put into practice well before the Conti brand would be shut down.

The Conti operation was officially shut down on May 19, when its site’s admin panel and negotiations service went offline and the rest of the infrastructure was reset, an AdvIntel report says.

Before going offline, the group continued to appear active and made a grand exit by hacking into the systems of Costa Rica, claiming that their goal was to overthrow the government.

AdvIntel says the Conti network now includes fully autonomous groups, such as Karakurt, Black Basta, and BlackByte, which do not use data-encrypting malware and instead only rely on the theft of valuable information to extort victims. The new Conti network also includes semi-autonomous groups that use locker malware such as AlphV (BlackCat), HIVE, HelloKitty (FiveHands), and AvosLocker.

There are also some independent affiliates who work on their own but continue to be loyal to the organization. In addition, Conti leadership has taken over smaller ransomware brands, keeping their names but boosting their capabilities.

The US is offering up to $15 million for information on leaders of the Conti gang.
