Conti Ransomware Operation Shut Down After Splitting into Smaller Groups
2022-05-24 20:05

Even as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down their infrastructure in favor of migrating their criminal activities to other ancillary operations, including Karakurt and BlackByte.

"From the negotiations site, chatrooms, messengers to servers and proxy hosts - the Conti brand, not the organization itself, is shutting down," AdvIntel researchers Yelisey Boguslavskiy and Vitali Kremez said in a report.

The Conti team is believed to have been actively creating subdivisions for over two months.

The diversion tactics aside, Conti's infiltration specialists are also said to have forged alliances with other well-known ransomware groups such as BlackCat, AvosLocker, Hive, and HelloKitty.

TrickBot, whose elite Overdose division spawned the creation of Ryuk and its successor Conti, has since been shut down and absorbed into the collective, turning TrickBot into a Conti subsidiary.

"This means partner agreements, specialized roles, business-like R&D and marketing groups and so on. And because Conti is beginning to mirror the sorts of activities we see among legitimate companies, it's no surprise they are changing."


News URL

https://thehackernews.com/2022/05/conti-ransomware-gang-shut-down-after.html