Black Basta may be an all-star ransomware gang made up of former Conti and REvil members. Earlier this month, a report surfaced that former ransomware group Conti had split up, with many members of the collective joining or creating new adversary factions and why that made these former members more dangerous than ever.
The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand. Conti left one member behind to continue leaking data and taunting Costa Rica to create a facade of a running operation while its members quietly moved to other ransomware gangs.
In slightly more than a month, the Conti ransomware collective compromised more than 40 companies worldwide, and the fastest attack took only three days, Group-IB's noted in its latest report detailing the workings of one of the most prolific ransomware / extortion gangs out there. By the end of 2021, Conti came out on top as one of the largest and most aggressive groups, having published data belonging to 530 companies on its DLS. In just four months in 2022, the group posted information belonging to 156 companies, making for a total of 859 DLS victims in two years, including 46 in April 2022.
The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. During the campaign, Conti affiliates managed to compromise more than 40 organizations in various sectors of activity operating across wide geography but with a focus on companies based in the U.S. A Group-IB spokesperson told BleepingComputer that ARMattack was very swift and explained that the company's report refers to organizations that had their networks compromised.
Conti reforms into several smaller groups, are they now more dangerous than ever? While this may seem like good news at first glance, the restructure into smaller cybercrime groups may make the members even more dangerous.
The notorious Conti ransomware gang has working proof-of-concept code to exploit low-level Intel firmware vulnerabilities, according to Eclypsium researchers. Recently leaked Conti documents show the criminals developed the software more than nine months ago, and this is important because exploiting these kinds of weaknesses expands the extend and depth of an intrusion, the firmware security shop's analysis noted.
An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices. "Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals," firmware and hardware security firm Eclypsium said in a report shared with The Hacker News.
Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. It is important to note that contrary to TrickBot's module that targeted UEFI firmware flaws, aiding Conti infections and later undertaken by the ransomware group, the new findings indicate that the malicious engineers were striving to discover new, unknown vulnerabilities in the ME. Firmware attacks in ransomware.
Even as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down their infrastructure in favor of migrating their criminal activities to other ancillary operations, including Karakurt and BlackByte. "From the negotiations site, chatrooms, messengers to servers and proxy hosts - the Conti brand, not the organization itself, is shutting down," AdvIntel researchers Yelisey Bogusalvskiy and Vitali Kremez said in a report.
The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government's computer systems, gaining a foothold in 27 agencies at various government levels.