The ransomware group known as Conti has officially shut down, with all of its infrastructure now offline.
While this may sound like good news, it is only good on the surface: Conti isn’t over, it has just split into smaller operations.
Conti was launched in the summer of 2020 as a successor to the Ryuk ransomware. It relied on partnerships with other malware operations for distribution: infections such as TrickBot and BazarLoader provided the initial foothold, after which Conti operators carried out the rest of the attack. Conti proved so successful that it later grew into a cybercrime syndicate that took over TrickBot, BazarLoader, and Emotet.
Over the past two years, Conti has carried out a number of high-profile attacks, targeting the City of Tulsa, Advantech, and Broward County Public Schools. Conti also held the IT systems of Ireland’s Health Service Executive and Department of Health hostage for weeks, and only relented after coming under heavy pressure from law enforcement agencies around the world. That attack also brought Conti a great deal of attention from the global media.
Most recently, it targeted the country of Costa Rica, but according to Yelisey Boguslavskiy of Advanced Intel, the attack was merely a cover for the fact that Conti was disbanding the entire operation. Boguslavskiy told BleepingComputer that the attack on Costa Rica was made so public in order to give Conti members time to migrate to other ransomware operations.
“The agenda for the attack on Costa Rica for publicity in lieu of ransom was stated within Conti’s leadership ... followed by Conti’s claims that the amount was $20 million,” says a still-unpublished Advanced Intel report previously shared with BleepingComputer.
Conti’s final undoing began with its open support for Russia and its invasion of Ukraine. On its official channels, Conti went so far as to declare that it would use all of its resources to defend Russia against possible cyberattacks. Following that, a Ukrainian security researcher leaked more than 170,000 internal chat messages between members of the Conti group, and ultimately also leaked the source code for the gang’s ransomware encryptor. That encryptor was later used in attacks against Russian organizations.
As things stand now, all of Conti’s infrastructure is offline, and the group’s leaders have said the brand is finished. However, this does not mean that Conti members are leaving cybercrime. According to Boguslavskiy, Conti’s leadership decided to break up and join forces with smaller ransomware gangs, such as AvosLocker, HelloKitty, Hive, BlackCat, and BlackByte.
Members of the former Conti ransomware gang, including analysts, pentesters, developers, and negotiators, are now spread across various cybercrime operations, but they continue to be part of the Conti syndicate and answer to the same leadership. This helps them evade law enforcement while still carrying out the same kinds of attacks they conducted under the Conti brand.
Conti was considered one of the most costly and dangerous ransomware families ever created, with more than $150 million in ransom payments collected during its two years of operation. The U.S. government is offering a reward of up to $15 million for information that helps identify the individuals involved with Conti, particularly those in leadership roles.