Skip to main content

Notorious ransomware gang Conti shuts down, but not for good

The ransomware group known as Conti has officially shut down, with all of its infrastructures now offline.

Although this might seem like good news, it’s only good on the surface — Conti is not over, it has simply split into smaller operations.

Conti split chart.
Advanced Intel

Conti was launched in the summer of 2020 as a successor to the Ryuk ransomware. It relied on partnerships with other malware infections in order to distribute. Malware such as TrickBot and BazarLoader was the initial point of entry for Conti, which then proceeded with the attack. Conti proved to be so successful that it eventually evolved into a cybercrime syndicate that took over TrickBot, BazarLoader, and Emotet.

Recommended Videos

During the past two years, Conti carried out a number of high-profile attacks, targeting the City of Tulsa, Advantech, and Broward County Public Schools. Conti also held the IT systems of Ireland’s Health Service Executive and Department of Health ransom for weeks and only let go when they were facing serious trouble from law enforcement around the world. However, this attack gave Conti a lot of attention from the global media.

Most recently, it targeted the country of Costa Rica, but according to Yelisey Bogslavskiy of Advanced Intel, the attack was just a cover-up for the fact that Conti was disbanding the whole operation. Boguslavskiy told Bleeping Computer that the attack on Costa Rica was made so public in order to give the members of Conti time to migrate to different ransomware operations.

“The agenda to conduct the attack on Costa Rica for the purpose of publicity instead of ransom was declared internally by the Conti leadership. Internal communications between group members suggested that the requested ransom payment was far below $1 million (despite unverified claims of the ransom being $10 million, followed by Conti’s own claims that the sum was $20 million),” says a yet-to-be-published report from Advanced Intel, shared ahead of time by Bleeping Computer.

Conti ransomware group logo.
BleepingComputer

The ultimate end to Conti was brought on by the group’s open approval of Russia and its invasion of Ukraine. On official channels, Conti went as far as to say that it will pool all of its resources into defending Russia from possible cyberattacks. Following that, a Ukrainian security researcher leaked over 170,000 internal chat messages between the members of the Conti group, and ultimately also leaked the source code for the gang’s ransomware encryptor. This encryptor was later used to attack Russian entities.

As things stand now, all of Conti’s infrastructure has been taken offline, and the leaders of the group said that the brand is over. However, this doesn’t mean that Conti members will no longer pursue cybercrime. According to Boguslavskiy, the leadership of Conti decided to split up and team up with smaller ransomware gangs, such as AvosLocker, HelloKitty, Hive, BlackCat, and BlackByte.

Members of the previous Conti ransomware gang, including intel analysts, pentesters, devs, and negotiators, are spread throughout various cybercrime operations, but they are still part of the Conti syndicate and fall under the same leadership. This helps them avoid law enforcement while still carrying out the same cyberattacks as they did under the Conti brand.

Conti was considered one of the most expensive and dangerous types of ransomware ever created, with over $150 million of ransom payments collected during its two-year stint. The U.S. government offers a substantial reward of up to $15 million for help in identifying the individuals involved with Conti, especially those in leadership roles.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
AstraLocker ransomware dev has change of heart, shuts down
faceless hacker in a black hoody

If you thought the threat actors behind ransomware were heartless criminals, think again. The person who made the AstraLocker ransomware virus has had a change of heart and shut down the malware. They even gave the decryption keys to Virus Total.

The news comes from a Bleeping Computer report after the AstraLocker developer contacted them. The developer told Bleeping Computer it was fun running AstraLocker but it was time to shut it down. See? They're not all bad.

Read more
Ransomware gangs are evolving in new and dangerous ways
Silhouette of male hand typing on laptop keyboard at night.

With digital technology growing at a rapid pace, ransomware gangs and their methods continue to advance at an aggressive rate as well.

This observation was detailed by cybersecurity and antivirus giant Kaspersky via a new report, highlighting fresh ransomware trends that have materialized throughout 2022.

Read more
This researcher just beat ransomware gangs at their own game
A digital depiction of a laptop being hacked by a hacker.

A security researcher has discovered key flaws pertaining to popular ransomware and malware -- a state of affairs that could lead to their creators entirely rethinking the approach to infiltrate potential victims.

Currently, among the most active ransomware-based groups are the likes of Conti, REvil, Black Basta, LockBit, and AvosLocker. However, as reported by Bleeping Computer, the malware developed by these cyber gangs has been found to come with crucial security vulnerabilities.

Read more