
The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research.

Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is the second most prevalent malware strain in the ransomware landscape, accounting for 19% of all attacks during the three-month period between October and December 2021.

One of the most prolific ransomware groups of the last year alongside the likes of LockBit 2.0, PYSA, and Hive, Conti has locked the networks of hospitals, businesses, and government agencies, while receiving a ransom payment in exchange for sharing the decryption key as part of its name-and-shame scheme.

But after the cybercriminal cartel came out in support of Russia over its invasion of Ukraine in February, an anonymous Ukrainian security researcher under the Twitter handle ContiLeaks began leaking the source code as well as private conversations between its members, offering an unprecedented insight into the group’s workings.

“The chats reveal a mature cybercrime ecosystem across multiple threat groups with frequent collaboration and support,” Secureworks said in a report published in March. “Members of groups previously believed to be distinct collaborated and frequently communicated with members of other threat groups.”
