Conti effectively created an extortion-oriented IT company, says Group-IB
2022-06-23 12:06

In slightly more than a month, the Conti ransomware collective compromised more than 40 companies worldwide, and the fastest attack took only three days, Group-IB noted in its latest report detailing the workings of one of the most prolific ransomware / extortion gangs out there.

By the end of 2021, Conti came out on top as one of the largest and most aggressive groups, having published data belonging to 530 companies on its dedicated leak site (DLS). In just four months in 2022, the group posted information belonging to 156 companies, making for a total of 859 DLS victims in two years, including 46 in April 2022.

Most likely, the group members are located in different time zones; however, the schedule shows their high efficiency: on average, Conti "works" 14 hours a day without holidays and weekends.

The group starts working closer to noon and its activity declines only after 9:00 PM. The geography of Conti's attacks is vast but does not include Russia.

"Conti's increased activity and the data leak suggest that ransomware is no longer a game between average malware developers, but an illicit RaaS industry that gives jobs to hundreds of cybercriminals worldwide with various specializations. In this industry, Conti is a notorious player that has in fact created an 'IT company' whose goal is to extort large sums," says Ivan Pisarev, Head of Dynamic Malware Analysis Team at Group-IB's Threat Intelligence department.

"It is difficult to predict what will happen to Conti in the future: whether it will continue working after a large-scale rebranding or be divided into smaller sub-projects. It is clear that the group will continue its operations, either on its own or with the help of its 'subsidiary' projects."
