September 26, 2022

Robotic Notes

All technology News

Leaked correspondence and files expose infamous Conti ransomware gang

3 min read

An unknown member of the infamous Conti ransomware gang has been leaking internal documentation about the gang after it came out in support of Russia’s invasion of Ukraine.

The leaks started in late February in the days following the Russian invasion, with the leaker making it very clear that he or she was doing so because in support of Ukraine. Conti first emerged in 2020 and has quickly become one of the most prolific ransomware groups. It’s believed to have extorted $ 180 million from victims.

Previous Conti victims include Ireland’s health service, Advantech Co. Ltd., voice-over-internet-protocol hardware and software maker Sangoma Technologies Corp., hospitals in Florida and Texas, Tesla Inc. and Apple Inc. supplier Delta Electronics Inc. in January and kitchenware maker Meyer Corp. US in February.

Dubbed the “Panama Papers of ransomware” by John Fokker, the head of investigations at Trellix, the leaked material offers a rare insight into the workings and activities of a major ransomware gang. Files leaked include chat logs, infrastructure and the economics of how the gang operates. Notably, some of the correspondence shows that Conti has links to the Kremlin and the Russian government.

As detailed Wednesday by researchers by BreachQuest Inc., the leaks show Conti to be a multilayered organization that operates like a company that hires and even fire contractors and salaried employees alike. That analysis includes a detailed Conti organization chart that shows the various people involved in the gang, starting from Stern, “the big boss” at the top of the group.

Apparently, hiring for a criminal ransomware gang is not that easy, despite the large amounts of money involved.

“Conti understands that the turnover ratio of workers is also very high due to the fact that they are running a criminal organization,” the BreachQuest researchers noted. “The Conti group has an HR / Recruiter that assists with the continual finding and recruitment of new candidates.”

Conti’s overhead costs were also detailed, as well as what they call “Project Blockchain,” an effort to create its own “altcoin” or form of cryptocurrency. Also detailed were operation details, such as how Conti compromises sites, escalates attacks and receives payment and the various tools used by the gang to spy on and compromise victims.

“The leaks reveal Conti’s arsenal and their mindset,” the researchers at BreachQuest said. They added that they “believe that many offspring or splinter ransomware groups will appear as this level of knowledge and insight that has never before been shared.”

Image: Pixabay

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, ​​Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Source link