Conti Shuts Down and Rebrands

The infamous ransomware gang known as the Conti group has effectively brought an end to their operation by taking their infrastructure down and informing their team leaders that the brand no longer exists.

What Happened?

The news came from Yelisey Boguslavskiy of Advanced Intel, who tweeted this afternoon that the gang’s internal infrastructure had been shut down.

According to BleepingComputer, the Tor admin panels that members used to conduct negotiations and post “news” on their data leak site are now down, although the public-facing ‘Conti News’ data leak and ransom negotiation websites are still accessible.

It is possible that Conti created a facade of a live operation while its members slowly migrated to other, smaller ransomware operations.

According to AdvIntel, Conti just intended to exploit the platform as a marketing tool, simulating their own death and subsequent rebirth in the most believable manner possible.

The agenda to conduct the attack on Costa Rica for the purpose of publicity instead of ransom was declared internally by the Conti leadership. Internal communications between group members suggested that the requested ransom payment was far below $1 million USD (despite unverified claims of the ransom being $10 million USD, followed by Conti’s own claims that the sum was $20 million USD).

Despite the fact that the Conti ransomware brand has been abandoned, the cybercrime syndicate will continue to play an important part in the ransomware sector for a substantial amount of time to come.

Rather than rebranding as another large ransomware operation, Conti leadership has partnered with smaller ransomware gangs to carry out attacks.

The smaller ransomware gangs benefit from this relationship by receiving an infusion of skilled Conti pentesters, negotiators, and operators. By subdividing into smaller “cells” that are all supervised by the central leadership, the Conti cybercrime syndicate gains mobility and is better able to evade law enforcement.

According to the study published by Advanced Intel, Conti has collaborated with a wide variety of well-known ransomware operations, some of which include HelloKitty, AvosLocker, Hive, BlackCat, and BlackByte, amongst others.

The current members of Conti, who include negotiators, intelligence analysts, pentesters, and coders, are dispersed among a number of different ransomware operations. Even though these individuals will now use the encryptors and negotiation sites of those other ransomware operations, they are still part of the larger Conti criminal organization.

This fragmentation into smaller units that are either fully or partially autonomous is shown in the picture that was provided by Advanced Intel and can be found below.

According to Advanced Intel, new independent groups of Conti members have been formed recently, and the primary objective of these groups is data exfiltration rather than data encryption. Karakurt, BlackByte, and the Bazarcall collective are just a few examples of this type of grouping.

The current cybercrime syndicate is able to continue its operations as a result of these actions; however, it will no longer operate under the Conti brand.
