Many members of Conti are believed to be based in Russia or neighboring regions. For years, the Kremlin largely turned a blind eye to cybercriminals based in the country, making it a home base for several ransomware groups. Leaked Conti files reveal that some high-ranking gang members appear to have connection with the Russian state and security services. Group members chatted about working on “political” topics and knew members of the Russian hacking group Cozy Bear, also known as Advanced Persistent Threat 29.
“Conti has publicly acknowledged its ties to foreign governments, particularly their support of the Russian government,” said US Air Force Major Katrina Cheesman, a spokeswoman for the Mission. National Network said. “Based on its relationship with Conti and other metrics, it is estimated that the leadership of the organized crime group known as the Wizard Spider may have connections to government entities within. Russia,” added Cheesman.
Since the Conti Files were leaked in early March, many cybersecurity companies have been working on the documents. That is believe that Professor. security. In other cases, some of the online nicknames used by the actors of the Conti group could, in fact, refer to the same person.
In addition to the Conti files, there have been other leaks from the broader cybercrime organization. Earlier this year, a Twitter account named Trickleaks began posting the alleged names and personal details of Trickbot members. Doxxing, which has not been independently verified but is believed to be at least partially accurate, displays photos of alleged members and social media accounts, their passport details, etc.
Jeremy Kennelly, senior manager of financial crime analysis at cybersecurity firm Mandiant, said that continued action against Conti and Trickbot is “critical” in helping to stop ransomware groups from monetizing and attack businesses. “Removing the anonymity of key players, offering bonuses, seizing illicit funds, and public statements of intent are key actions that can help increase real and potentially valuable risk.” be aware of engaging in ransomware activities and can ultimately lead to chilling effects for some criminals and/or organizations,” said Kennelly.
Rewards for Justice officials say they will be publishing a call for information about Conti members in multiple languages and urge people to get in touch via the Tor link. All tips they receive will be verified and every potential customer must pass multiple steps before payment is made. They say that it is theoretically possible to issue multiple $10 million worth of rewards. Officials are specifically targeting Russian-language online spaces, saying reward details will be posted to the Russian social network VK and also hacking forums.
In recent weeks, Conti’s activities have gradually decreased, as believe the team is trying to rebrand after leaking its internal chats. However, many members are still said to be active and involved in other anti-cybercrime efforts. These types of ransomware attacks can have a huge impact on businesses and wider society.
“Although these are not state-sponsored groups, they regularly carry out high-impact attacks like these,” said Allan Liska, an analyst at security firm Recorded Future, which specializes in ransomware. any nation-state group and they should be treated as such,” said Allan Liska, an analyst at security firm Recorded Future that specializes in ransomware. . “This probably won’t lead to the arrest of members of Conti, unless any of them are stupid enough to step foot outside of Russia. The intelligence that can be gathered through this reward can prove invaluable. “
