Hello everyone, dear friends!
Today, at the request of one of my subscribers, I will tell you about one of the most aggressive and successful hacker groups - Conti.
I believe that Conti is the most successful hacker group of the last three years. In April 2022 alone, it was able to compromise about 40 companies around the world. No other ransomware operator can boast such efficiency.
Sit back, get comfortable, it's going to be interesting!
Let's get to know each other better
Conti is a Russian-speaking hacker group that uses a ransomware program of the same name in its arsenal. In the first quarter of 2021, every tenth attack of this type was carried out with the help of this program. Conti uses a ransomware-as-a-service (RaaS) business model, with malware developers handling the malware and payment sites, while their hired "partners" hack victims' networks and encrypt devices. The ransom payments are then split between the group itself and its "partners," with the latter typically receiving 70-80% of the total. While some ransom payments have run into the millions, Coveware estimates that the average ransom demand from Conti members is just over $765,000.
Conti is made up of people with a variety of responsibilities, including malware coders, testers, system administrators, and "HR" staff who handle hiring, as well as negotiators who work with victims and try to get the blackmail paid.
Conti is known for its devastating cyberattack in 2020, which targeted 16 healthcare facilities in the United States. In May 2022, the US government offered a $10 million reward for information about the group. But that's not the limit!
On July 25, the US State Department increased the reward to $15 million for information leading to the identification of the hackers and the location of Conti members and management.
Conti - Authors of the Biggest Cyberattack of 2022
We would like to dwell in more detail on one of the group's recent cyberattacks. It is notable for the fact that during it, the hackers were able to bring an entire country to a state of emergency. On April 18, 2022, the Costa Rican Ministry of Finance was the first to report an attack by Russian ransomware hackers. Several processes were paralyzed at once: the tax collection system and the import and export systems. The Conti hackers' next targets were the social security administration system and the Ministry of Labor. I would like to note that there is very little information about Conti on the Internet, so there may be gaps in the story, but I tried to analyze all possible sources.
In total, six important state agencies suffered from attacks by the Russian group over several days in April. The exporters' union estimated the damage at $200 million. The system responsible for paying salaries and pensions to all Costa Rican government employees was also stopped. During the attack, the Conti hackers leaked 670 gigabytes of strategic data online. Other attackers are likely to use this data in attacks of their own later on.
The Russian hackers asked for only $10 million not to encrypt government systems and leak hundreds of gigabytes of confidential data. The outgoing head of state, Carlos Alvarado, flatly refused to pay the Russian cybercriminals. All he managed to do was get help from the US, Israel and other countries. He did not consider it necessary to deal with the root of the problem by paying the Russian hackers.
By early May, the attacks began to spread to institutions, funds, and power companies. The damage grew, and Carlos Alvarado stepped down as head of state, handing over his powers to Rodrigo Chaves. The Russian hackers did not like the inaction of the Costa Rican authorities, and they decided to increase the ransom to $20 million. On May 10, a state of emergency was declared in the country.
- Here's what Conti themselves had to say about this:
"Why not just buy the key? I don't know if a state of emergency has ever been declared in a country because of a cyber attack. In a week, we will delete the encryption keys for Costa Rica. I appeal to all citizens and to your government: organize rallies so that they pay us as soon as possible. If your government is not able to stabilize the situation, maybe it should be replaced?"
By the 20th of May 2022, the attacks had ceased. "Just pay up before it's too late. Your country has been destroyed by two people, we intend to overthrow the government with cyber attacks, we have already demonstrated our power and strength to you, you even declared a state of emergency," the hackers wrote in their appeals.
The collapse of the Conti group
On May 20, 2022, the Conti hackers announced that they had ceased their activities and shut down their ransomware infrastructure. However, I believe that the attack on Costa Rica was more about image than about money. The hackers wanted to make some noise and advertise themselves. "We cannot win the technology war because we are competing with billion-dollar companies in this arena, but we can win the human factor," Conti said.
At the moment, former Conti members have created a number of autonomous groups that will be engaged in data theft:
- The first group, the Silent Ransom Group (SRG), has targeted at least 94 organizations since May, focusing solely on stealing data and extorting victims. The group has focused heavily on organizations in the healthcare sector with annual revenues ranging from $500,000 to over $100 billion, with nearly 40% having revenues above $1 billion.
- The second group, Quantum, began using its version of BazarCall in the Jörmungandr (Midgard Serpent) campaign in mid-June 2022. The hackers recruited people specializing in spam, OSINT, design, and call center operators. Quantum targeted 5 large companies with annual revenues of over $20 billion, most of which were in the healthcare sector.
- The third group, "Roy/Zeon", whose hackers were involved in creating the Ryuk ransomware, uses social engineering techniques to attack companies with high annual revenue or from sensitive industries.
- Some of the participants have already joined existing groups such as HelloKitty, AvosLocker, Hive, BlackCat, BlackByte and others.
A tasty catch for the American authorities
On August 12, 2022, the US government released a photo of an alleged member of the notorious Conti ransomware group.
The State Department announced the reward through the Rewards for Justice program's Twitter account, saying it was seeking information on cybercriminals associated with Conti, Wizard Spider, or Trickbot.
The post says that a $10 million reward will be offered to anyone who sends information that identifies the cybercriminals with the aliases "PROFESSOR," "RESHAEV," "TRAMP," "DANDIS," and "TARGET." The post also includes a photo of a man who allegedly participated in the gang's activities under the alias "TARGET."
As I wrote above, the US State Department has increased the reward to $15 million for information leading to the identification and location of Conti participants and management.
In addition, the US authorities promised to pay $5 million for information that will allow the arrest of individuals who are in collusion with the group or attempting to participate in its activities.