Conti is still at large despite speculation that the leaked group’s internal data might mean the end of this infamous ransomware gang associated with Russia.
In March, after Conti has announced its allegiance with Vladimir Putin, a pro-Ukrainian insider has set up a Twitter account named Conti leaks to expose the ransomware gang, which proved to be a nightmare for many of its victims, including Ireland’s HSE, Volkswagen Group, several US cities, counties, and school districts.
Some experts speculated that leaks could potentially unmask Conti members and disrupt the group’s activities. However, that doesn’t seem to be the case just yet.
Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, the National Security Agency, and the United States Secret Service have re-released an advisory on Conti ransomware.
“Conti cyber threat actors remain active and reported Conti ransomware attacks against the US and international organizations have risen to more than 1,000,” it said.
Originally the warning was released in September 2021. It said that over 400 Conti ransomware attacks were aimed at stealing sensitive data.
In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.
Conti ransomware
Conti started operating in late 2019, and it runs Conti.News data leak site. The group gets initial access through stolen RDP credentials, phishing emails with malicious attachments.
Experts believe that Conti attacks resemble tactics seen in nation-state attacks. The groups also rely on human-operated attacks instead of increasingly popular automated intrusions. Conti attempts to find a buyer for the data before posting on site.
Ireland’s HSE, Volkswagen Group, several U.S. cities, counties, and school districts were affected by Conti. Conti has been observed to be in the networks for anywhere between a few days to even weeks before actually launching ransomware.
The group is believed to be based in the second largest Russian city of Saint Petersburg. It’s also speculated that people behind Conti used to be in charge of another prominent ransomware cartel, Ryuk.
As with many modern extortion gangs, Conti offers Ransomware-as-a-Service (RaaS) package, offering its malware to affiliates. The core team takes 20-30% of a ransom payment, while the affiliates keep the rest of the loot.
More from Cybernews:
The Iron Curtain: which IT-related services got blocked or left the Russian market?
Kremlin’s dirty infowar: sow division abroad, spread lies at home
Google to buy Mandiant for $5.4 billion
What does a cyberwar actually mean?
Beware: fraudsters impersonate law enforcement to extort money
Subscribe to our newsletter
