The break up would mark the end for one of the most notorious ransomware cartels, responsible for hundreds of attacks worldwide.
The official website for Conti ransomware was shut down, signaling that the notorious group is disbanding, Yelisey Boguslavskiy, the Head Of Research at threat and loss prevention firm Advintel claims.
Conti, a ransomware-as-a-service (RaaS) provider, is one of the most active cartels in the business. Reports show that the group attacked a staggering 670 victims between Q1 2021 and Q1 2022, or around two per day.
According to Boguslavskiy, while older onion versions of the Conti blog are still accessible, the internal panels and hosts are down, signaling that the digital structure that supports the group is being dismembered.
Advintel's CEO, Vitali Kremez, proclaimed that technically Conti ransomware was dead two weeks ago. According to him, the group, a successor to the Ryuk ransomware, no longer provided new builds and thus is dead.
Conti started operating in late 2019, and it runs Conti.News data leak site. The group gets initial access through stolen RDP credentials and phishing emails with malicious attachments.
Experts believe that Conti attacks resemble tactics seen in nation-state attacks. The groups also rely on human-operated attacks instead of increasingly popular automated intrusions. Conti attempts to find a buyer for the data before posting it on the site.
The government of Costa Rica, Ireland's HSE, Volkswagen Group, several US cities, counties, and school districts were affected by Conti. Conti has been observed to lurk in the networks for anywhere between a few days to even weeks before actually launching ransomware.
The group is believed to be based in the second largest Russian city of Saint Petersburg. It's also speculated that the people behind Conti used to be in charge of another prominent ransomware cartel, Ryuk.
As with many modern extortion gangs, Conti offers a Ransomware-as-a-Service (RaaS) package, selling its malware to affiliates. The core team takes 20-30% of a ransom payment, while the affiliates keep the rest of the loot.
In March, after Conti had announced its allegiance with Vladimir Putin, a pro-Ukrainian insider set up a Twitter account named Conti leaks to expose the ransomware gang.
More from Cyebernews:
Subscribe to our newsletter