The rise and fall of the Conti ransomware group


For around two years the Conti ransomware group rampaged across the internet. They attacked hospitals, educational institutions, businesses, governments, and many more, raking in hundreds of millions of dollars in ransomware payments.

Business was booming for the cybercriminals. At least it was until the Russian President Vladimir Putin announced the full-scale invasion of Ukraine. The Conti leadership quickly pledged their loyalty to Russia and then everything began to fall apart.

This is the story of one of the most professional, prolific, and devastating organized cybercriminal groups in history.

Speaker(s):

Selina Larson – Senior Threat Intelligence Analyst and DISCARDED Podcast Co-host at Proofpoint

Berk Albayrak – Threat Intelligence Analyst within the PRODAFT Threat Intelligence team and expert on Wizard Spider

Conor Gallagher – Crime and Security Correspondent of the Irish Times

Allan Liska – Threat Intelligence Analyst at Recorded Future and author of Ransomware: Understand. Prevent. Recover.

Juan Ignacio Nicolossi – Team Leader of the Threat Intelligence Team at PRODAFT

Zoë Brammer – Cyber & Information Operations Associate at the Institute for Security and Technology (Ransomware Ecosystem Map)

Jake Moore – Global Cybersecurity Advisor at ESET

Artwork by Paulina Rosol-Barrass

Additional Reading:

Reports/Papers:

PRODAFT – Conti Ransomware Group In-Depth Analysis

PRODAFT – Wizard Spider In-Depth Analysis

Google – Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape

DISCARDED Podcast (Proofpoint) – Defending Against Cyber Criminals: Emotet’s Resurrection & Conti’s Implosion – April 12, 2022

PwC – Conti cyber attack on the HSE: Independent Post Incident Review

CNN – ‘I can fight with a keyboard’: How one Ukrainian IT specialist exposed a notorious Russian ransomware gang

Proofpoint – The Human Factor Report 2022 – Threat Report

Ransomware Task Force (Institute for Security and Technology) – Blueprint for Ransomware Defense

Ransomware Task Force (Institute for Security and Technology) – Combating Ransomware

Ransomware Task Force (Institute for Security and Technology) – Mapping the Ransomware Payment Ecosystem

Ransomware Task Force (Institute for Security and Technology) – Video: Mapping the Ransomware Payment Ecosystem & Opportunities for Friction

Ransomware Task Force (Institute for Security and Technology) – Mapping Threat Actor Behavior in the Ransomware Payment Ecosystem: A Mini-Pilot

Ransomware Task Force (Institute for Security and Technology) – Gaining Ground

Book – Ransomware: Understand. Prevent. Recover.

Recorded Future – The Business of Fraud: Botnet Malware Dissemination

Recorded Future – Russia’s War Against Ukraine Disrupts the Cybercriminal Ecosystem

Sophos 2023 Threat Report

Sophos – The State of Ransomware 2023

Europol – Wasabi Wallet Report

Wasabi – CoinJoin Legal Concern

VMware – Emotet Exposed: A Look Inside the Cybercriminal Supply Chain

Krebs on Security – Conti Ransomware Group Diaries

Elliptic – Conti Leaks Investigation – The $19m in DAI found in an account linked to Conti Member ‘Target’

The Chainalysis 2022 Crypto Crime Report

The Chainalysis 2023 Crypto Crime Report

AdvIntel – DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape

FinCEN – Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021

FinCEN – Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments

Forescout Vedere Labs – Analysis of Conti Leaks

FATF – Professional Money Laundering

FATF – Targeted update on implementation of the FATF standards on virtual assets and virtual asset service providers

Accenture – Global Incident Report: Threat Actors Divide Along Ideological Lines over the Russia-Ukraine Conflict on Underground Forums

Links:

https://cybermagazine.com/articles/the-state-of-ransomware-2023

https://cert.gov.ua/article/339662

https://cert.gov.ua/article/39934

https://cert.gov.ua/article/39708

https://cert.gov.ua/article/39609

https://research.checkpoint.com/2022/leaks-of-conti-ransomware-group-paint-picture-of-a-surprisingly-normal-tech-start-up-sort-of/

https://www.wired.co.uk/article/conti-leaks-ransomware-work-life

https://www.trellix.com/en-gb/about/newsroom/stories/research/conti-leaks-examining-the-panama-papers-of-ransomware.html

https://twitter.com/contileaks?lang=en

https://go.chainalysis.com/2023-crypto-crime-report.html

https://www.techtarget.com/whatis/feature/Colonial-Pipeline-hack-explained-Everything-you-need-to-know

https://www.state.gov/darkside-ransomware-as-a-service-raas/

https://www.bbc.com/news/technology-64586361

https://intel471.com/blog/conti-emotet-ransomware-conti-leaks

https://www.bleepingcomputer.com/news/security/emotet-botnet-comeback-orchestrated-by-conti-ransomware-gang/

https://therecord.media/putin-speech-television-ddos-ukraine-it-army

https://t.me/itarmyofukraine2022/1054

https://www.bbc.com/news/technology-65250356

https://www.computerweekly.com/news/365530999/Killnet-DDoS-attacks-disrupt-Nato-websites

https://www.malwarebytes.com/blog/news/2021/07/the-life-and-death-of-the-zeus-trojan

https://cybernews.com/security/the-8-biggest-botnets-of-all-time/

https://www.malwarebytes.com/glossary/bot-herder

https://krebsonsecurity.com/2021/01/international-action-targets-emotet-crimeware/

https://www.npu.gov.ua/news/kiberpolitsiya-vikrila-transnatsionalne-ugrupovannya-khakeriv-u-rozpovsyudzhenni-naynebezpechnishogo-v-sviti-kompyuternogo-virusu-emotet

Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up… Sort Of

Angry Affiliate Leaks Conti Ransomware Gang Playbook

https://www.bleepstatic.com/images/news/ransomware/c/conti/leaked-playbook/folder-listing.jpg

https://cyberhoot.com/cybrary/tactics-techniques-and-procedures-ttp/

https://www.redscan.com/news/key-insights-from-the-conti-ransomware-playbook-leak-foothold/

https://www.bleepstatic.com/images/news/ransomware/c/conti/leaked-playbook/forum-post.jpg

https://www.state.gov/reward-offers-for-information-to-bring-conti-ransomware-variant-co-conspirators-to-justice/

https://www.irishtimes.com/crime-law/courts/2023/05/18/up-to-100-cases-taken-over-hse-cyberattack-judge-told/

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9486432/

https://www.irishtimes.com/crime-law/2022/12/12/cost-of-hse-cyberattack-rises-to-80m-letter-shows/

https://www.proofpoint.com/us/resources/threat-reports/human-factor

https://edition.cnn.com/2022/03/30/politics/ukraine-hack-russian-ransomware-gang/index.html

https://www.prodaft.com/resource/detail/conti-ransomware-group-depth-analysis

https://www.wired.com/story/how-mimikatz-became-go-to-hacker-tool/

https://www.huntress.com/defenders-handbook/persistence-in-cybersecurity

https://www.blumira.com/glossary/malicious-macro/

https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/macro-malware?view=o365-worldwide

https://www.gov.ie/en/press-release/96eb4c-statement-from-the-national-public-health-emergency-team/

Conti ransomware group announces support of Russia, threatens retaliatory attacks

https://www.wired.co.uk/article/conti-ransomware-russia

https://www.darkreading.com/analytics/ukraine-war-fault-line-cybercrime-forever

https://www.darkreading.com/threat-intelligence/dark-web-revenue-down-after-hydras-demise

Conti Ransomware: Inside One of the World’s Most Aggressive Ransomware Groups

https://thehackernews.com/2022/05/us-offering-10-million-reward-for.html

https://www.cisecurity.org/insights/blog/the-conti-leaks-a-case-of-cybercrimes-commercialization

https://www.economist.com/science-and-technology/2022/11/30/how-cybercriminals-have-been-affected-by-the-war-in-ukraine

Leaked Chats Show Russian Ransomware Gang Discussing Putin’s Invasion of Ukraine

https://theintercept.com/document/2022/03/14/contileaks-translations/

https://www.theregister.com/2023/02/24/russian_cybercrime_economy/

Ransomware Revenue Down As More Victims Refuse to Pay

https://www.theregister.com/2022/03/11/conti_leaks_code/

https://www.rapid7.com/blog/post/2022/03/01/conti-ransomware-group-internal-chats-leaked-over-russia-ukraine-conflict/

https://www.theregister.com/2023/02/10/conti_ryuk_trickbot_sanctions/

https://www.theregister.com/2023/01/27/10m_hive_reward_russia/

https://www.theregister.com/2022/05/18/wizard-spider-ransomware-conti/

https://www.bbc.co.uk/news/technology-61323402

https://blog.checkpoint.com/security/ransomware-cyber-attacks-in-costa-rica-and-peru-drives-national-response/

https://securityaffairs.co/131093/cyber-crime/conti-ransomware-peru-direccion-general-de-inteligencia.html

https://www.darkreading.com/attacks-breaches/fin7-former-conti-gang-members-collaborate-domino-malware

https://www.wired.com/story/conti-leaks-ransomware-work-life/

https://www.bloomberg.com/news/features/2023-02-03/ireland-hospital-ransomware-attack-fractured-hacker-group-conti

https://www.ft.com/content/13d33a08-ce83-4f8a-8d93-a60a5e097ed8

https://www.bbc.co.uk/news/world-europe-57184977

https://www.bbc.co.uk/news/world-europe-57134916

https://www.bbc.co.uk/news/world-europe-57111615

https://www.bleepingcomputer.com/news/security/ransomware-gangs-cobalt-strike-servers-ddosed-with-anti-russia-messages/

CISA, FBI, NSA warn of increased attacks involving Conti ransomware

https://www.rte.ie/news/ireland/2022/0223/1282617-cyber-attack-cost/

https://heimdalsecurity.com/blog/conti-ransomware-shuts-down-and-rebrands-itself/

https://www.infosecurity-magazine.com/news/hse-cyber-attack-ireland-dollar83m/

https://www.bleepingcomputer.com/news/security/new-royal-ransomware-emerges-in-multi-million-dollar-attacks/

https://www.trendmicro.com/en_us/research/22/l/conti-team-one-splinter-group-resurfaces-as-royal-ransomware-wit.html

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-5th-2023-targeting-the-public-sector/

https://www.bleepingcomputer.com/news/security/google-says-former-conti-ransomware-members-now-attack-ukraine/

https://therecord.media/google-conti-repurposing-tools-for-ukraine-attacks-using-follina-bug-musk-impersonation

https://www.techtarget.com/searchsecurity/news/252507702/Two-suspected-ransomware-operators-arrested-in-Ukraine

https://www.wired.com/story/emotet-botnet-takedown/

Malware Loaders Continue to Evolve, Proliferate

https://www.bleepingcomputer.com/news/security/emotet-botnet-disrupted-after-global-takedown-operation/

https://explore.avertium.com/resource/an-in-depth-look-at-emotet-botnet

https://www.cybereason.com/blog/threat-analysis-report-all-paths-lead-to-cobalt-strike-icedid-emotet-and-qbot

https://www.wired.co.uk/article/hacktivism-russia-ukraine-ddos

https://therecord.media/how-ukraines-cyber-police-fights-fraud-scams-and-attacks-on-critical-infrastructure

https://www.infosecurity-magazine.com/blogs/a-rundown-of-the-emotet-malware/

https://www.europol.europa.eu/media-press/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action

https://www.malwarebytes.com/emotet

https://www.ft.com/content/9895f997-5941-445c-9572-9cef66d130f5

https://www.bleepingcomputer.com/news/security/how-conti-ransomware-hacked-and-encrypted-the-costa-rican-government/

https://www.wired.co.uk/article/costa-rica-ransomware-conti

https://www.hoxhunt.com/blog/dawn-of-the-undead-king-of-malware-emotet

https://www.bleepingcomputer.com/news/security/angry-conti-ransomware-affiliate-leaks-gangs-attack-playbook/

Conti ransomware hits JVCKenwood

https://www.csoonline.com/article/3638056/conti-ransomware-explained-and-why-its-one-of-the-most-aggressive-criminal-groups.html

https://www.rte.ie/news/analysis-and-comment/2022/0507/1296538-cybersecurity-ireland/

https://www.bleepingcomputer.com/news/security/conti-ransomware-hacking-spree-breaches-over-40-orgs-in-a-month/

https://darktrace.com/blog/the-future-of-cyber-security-ransomware-groups-aim-for-maximum-disruption

https://go.checkpoint.com/2023-cyber-security-report/chapter-02.php

https://therecord.media/costa-ricas-ministry-of-public-works-and-transport-crippled-by-ransomware-attack

https://cyberint.com/blog/research/iocs-identified-to-hunt-conti-ransomware/

The Conti Leaks | Insight into a Ransomware Unicorn

https://cyberint.com/blog/research/contileaks/

https://explore.avertium.com/resource/in-depth-look-at-contis-leaked-log-chats

BazarLoader and the Conti Leaks

https://www.coindesk.com/tech/2023/02/23/ransomware-group-conti-has-re-surfaced-under-a-new-name-trm-labs/

Crypto, Cash-outs, and Closures: Surveying the Darknet Ecosystem in the Wake of Hydra Market

Ex-Conti and FIN7 Actors Collaborate with New Backdoor