Conti: Still here, Still Dangerous
The nefarious organization known as “Conti” is still an active global ransomware group. Late in February 2022, the infosec community began circulating leaks of internal chat logs and details about Conti operations. These leaks were provided by a Ukrainian security researcher who was upset by the group's support of the Russian invasion of Ukraine. The feeling at the time of the leaks was that this would end Conti's operations. But as the weeks progressed, new cases came to light, and the group continued releasing data from its victims. Our research team published a detailed analysis in The Conti Leaks | Insight into a Ransomware Unicorn.
Conti is Still Active
Conti has always capitalized on the perfect opportunity to extract maximum profits from victims. One of their most recent ransomware attacks was on the Costa Rican government. Costa Rica’s Ministry of Finance was attacked, has been without digital services since April 18th, and has not paid the ransom. Our research showed that this group is a multi-layered organization that takes time to encrypt endpoints, servers, and backups. This complete control adds pressure on victims to pay the ransom Conti demands. If the victim does not pay, the Conti group begins to slowly release the victim’s data that has been extracted from their networks. The Conti Group has released 97% of Costa Rica’s stolen data as of this writing.
Conti’s Dangerous New Phase
Lately, the Conti group has displayed greater animosity towards their victims. As discussed in our blog, Conti’s Dangerous New Phase, money is no longer the only factor. In the past, Conti would negotiate the price of ransoms with the victim to make payment more feasible. Since the start of the Russia-Ukraine War and the Conti Leaks, many of Conti’s blog posts have been more anger-driven. In the post of Costa Rica’s data, they stated: “It is impossible to look at the decisions of the administration of the President of Costa Rica without irony, all this could have been avoided by paying you would have made your country really safe, but you will turn to Bid0n and his henchmen, this old fool will soon die.”
On May 10th, 2022, Conti posted an update on their blog announcing that the government of Peru was their latest victim. They threatened to cut off their “water or light supply” if the ransom was not paid. Two of the last three victims of Conti have been South American nation-states. It seems that they will continue big game hunting in the future.
With the increasing number of attacks, all companies need to strengthen their security infrastructure to prevent potential threats. While times are uncertain, the best protection is preparedness. Build a strong cybersecurity foundation by following our Cybersecurity Practices for Secure Infrastructure.