Group-IB: Conti has actually created an IT company focused on extortion


The Group-IB company investigated a series of attacks carried out by the Russian-speaking hacker group of extortionists Conti. In about a month, the attackers managed to compromise more than 40 companies around the world. At the same time, the attackers do not work against Russian companies.

According to Forbes with reference to a copy of the report, the “criminal IT company” Conti, has a human resources department, research and development (R&D), open source intelligence (OSINT), as well as regular salaries, a bonus system and vacations. Work schedule: 14 hours, on average from 12:00 to 21:00 Moscow time, seven days a week.

Since the beginning of 2022, Conti has published data on 156 companies attacked by the group. In total, their list of victims includes more than 850 organizations from various industries, as well as government agencies. This is stated in the analytical report of Group-IB.

The authors of the report call the Russian-speaking hackers Conti one of the most successful groups engaged in data encryption for ransom. The first mention of Conti appeared in February 2020 after malicious files with the .conti extension of the same name first appeared on the radars of Group-IB researchers. However, test versions of this malware date back to November 2019.

Since July 2020, Conti has begun to actively use the technique of “double extortion” – double pressure on the victim: in addition to extortion for decrypting data, attackers post on their own website data from victim companies that refused to pay a ransom.

The largest number of attacks by a Russian-speaking group of hackers falls on the USA (58.4%), Canada (7%), Great Britain (6.6%), Germany (5.8%), France (3.9%) and Italy (3.1%). They are not attacking Russia. According to Group-IB, there are a total of more than 65,000 bitcoins on Conti’s crypto wallets (approximately $1.34 billion at the current exchange rate). Nevertheless, it is reported that Conti now has serious financial problems due to the fact that its “boss” is lying low, but the participants plan to restart the project in 2-3 months.

Start a discussion …