Experts at the Swiss information security company Prodaft have calculated that over the past five months, Conti ransomware operators have earned at least $ 25.5 million from their attacks.
The company said it has partnered with blockchain analysts at Elliptic to track 113 cryptocurrency addresses and over 500 bitcoins that Conti operators have collected from their victims over the past five months. This data is the first and only attempt to measure Conti's earnings to date.
Experts at Prodaft and Elliptic say they recorded several transactions that split $ 6.2 million from Conti's profits and were sent to a so-called "consolidation wallet." The discovery of this wallet is good news, as it could become a target for law enforcement and allow the authorities to confiscate a significant portion of the hack group's profits, as the US Justice Department previously did with one of REvil's partners.
However, Prodaft notes that Conti's operators manage the consolidation wallet themselves, and the group's partners are not involved. They usually launder profits through shadow exchanges, Wasabi, and through Russian-language marketplaces like Hydra.
In addition, the researchers said they also tracked ransom payments and how the grouping distributed profits to its partners.
It is worth pointing out that after the termination of such ransomware as Avaddon, REvil, DarkSide and BlackMatter, the Conti group, along with LockBit, became the most active RaaS platforms in the world. This explains the interest in hackers both on the part of information security experts and on the part of special services.
The company said it has partnered with blockchain analysts at Elliptic to track 113 cryptocurrency addresses and over 500 bitcoins that Conti operators have collected from their victims over the past five months. This data is the first and only attempt to measure Conti's earnings to date.
Experts at Prodaft and Elliptic say they recorded several transactions that split $ 6.2 million from Conti's profits and were sent to a so-called "consolidation wallet." The discovery of this wallet is good news, as it could become a target for law enforcement and allow the authorities to confiscate a significant portion of the hack group's profits, as the US Justice Department previously did with one of REvil's partners.
However, Prodaft notes that Conti's operators manage the consolidation wallet themselves, and the group's partners are not involved. They usually launder profits through shadow exchanges, Wasabi, and through Russian-language marketplaces like Hydra.
In addition, the researchers said they also tracked ransom payments and how the grouping distributed profits to its partners.
It is worth pointing out that after the termination of such ransomware as Avaddon, REvil, DarkSide and BlackMatter, the Conti group, along with LockBit, became the most active RaaS platforms in the world. This explains the interest in hackers both on the part of information security experts and on the part of special services.
