Security News > 2022 > May > Experts Analyze Conti and Hive Ransomware Gangs' Chats With Their Victims

An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups' inner workings and their negotiation techniques.

Conti and Hive are among the most prevalent ransomware strains in the threat landscape, cumulatively accounting for 29.1% of attacks detected during the three-month-period between October and December 2021.

While Conti's conversations with victims are professional and marked by the use of different persuasion tactics to convince victims to pay the ransom, Hive employs a "Much shorter, more direct" informal approach.

Besides offering holidays and special discounts, Conti is also known to offer "IT support" to prevent future attacks, sending its victims a so-called security report that lists a series of steps the affected entities can take to secure their networks.

"After encrypting victim networks, ransomware threat actors increasingly used 'triple extortion' by threatening to publicly release stolen sensitive information, disrupt the victim's internet access, and/or inform the victim's partners, shareholders, or suppliers about the incident," CISA noted in an advisory earlier this year.

"Like many cybercriminals, Conti and Hive are opportunistic actors who likely seek to compromise victims through the easiest and fastest means possible, which often include exploiting known vulnerabilities," McKay said.

News URL

https://thehackernews.com/2022/05/experts-analyze-conti-and-hive.html