Conti group has ceased its activities

According to the head of the Advanced Intel research department, Yelisey Boguslavsky, the Conti group announced the termination of its activities and disconnected the group’s infrastructure.

“Conti Ransomware is no more! Today, the official website of Conti Ransomware has been closed, which means the end of a well-known criminal gang. This is truly a historic day in the intelligence community! (Intelligence Community, IC)” Boguslavsky wrote on Twitter.

Despite the closure of the Conti Ransomware brand, the hacker team will play an important role in the ransomware industry for a long time. According to Advanced Intel, Conti’s negotiators, analysts, pentesters and developers now work in smaller groupings, but still remain part of a large Conti syndicate. Divided into smaller “cells”, Conti gained mobility and greater ability to evade law enforcement agencies. All small hacker teams will continue to be controlled by the central leadership of the group.

According to the Advanced Intel report, Conti cooperates with HelloKitty, AvosLocker, Hive, BlackCat, BlackByte, Karakurt, Bazarcall and others. The new autonomous groups created by Conti members will focus on stealing data, not encrypting it. The existing cybercriminal team will continue its activities, but no longer under the name Conti.

The Conti News data leak portal and ransom negotiation sites are still active, but the Tor admin panels for negotiating and publishing stolen data are now disabled. Chat servers are also inactive.

The termination of Conti’s activities occurred in the midst of a cyber war with Costa Rica. According to Boguslavsky, Conti launched this public attack to conceal the real operation. At this point, the group gradually moved on to smaller extortion operations. According to Advanced Intel, the plan to carry out an attack on Costa Rica was announced by Conti for advertising, not for ransom.
