The infamous Conti ransom ring has announced that it has officially ceased operations, its infrastructure has been taken offline and the ring’s leaders have announced that the brand no longer exists. The news comes from Advanced Intel’s Yelisey Boguslavskiy, who tweeted today that the group’s internal infrastructure has been shut down.
The Conti News
While the public-facing “Conti News” data breach and ransom negotiation site is still online, Boguslavskiy told BleepingComputer that the Tor admin panel that members used to perform negotiations and post “news” on their data breach site is now closed. The Tor admin panel that members used to perform negotiations and post “news” on their data breach site is now closed. In addition, BleepingComputer has been told that other internal services, such as their Rocket Chat server, are being decommissioned.
A few days ago, Costa Rica announced a “war” on Conti, but the related activities are not fully underway at the moment, so the shutdown seems a bit strange now. Boguslavskiy revealed that Conti’s current attack, which was so public, was intended to raise the flag and make a name for itself, while Conti’s members gradually migrated to smaller ransomware operations.
A report released by Advanced Intel said, “AdvIntel’s unique adversarial visibility and intelligence findings, however, led to the opposite conclusion in fact. the only thing Conti wanted to achieve with this final attack was to use the platform as a propaganda tool to enact their own death and subsequent rebirth in the most logical way possible “.
Under this partnership, smaller ransomware groups gain access to a large pool of experienced Conti Five, negotiators and operators, and the Conti cybercrime group gains mobility and greater evasion of law enforcement by splitting into smaller “cells” that are managed by a central leadership.
The Advanced Intel report explains that Conti has worked with many high-profile ransomware operations, including HelloKitty, AvosLocker, Hive, BlackCat, BlackByte and others.
CONTI is starting to work with some ransomware, which is not a good thing for businesses and organizations. It shows that ransomware attacks will not stop, but will get worse. When ransomware cooperates, the attacks will be stronger. Therefore, enterprises and organizations should pay attention to their data security. Use reasonable ways to protect your data, such as backup disaster recovery. There are many new backup software nowadays, such as VMware Backup, Hyper-V Backup, Xenserver Backup and so on.