The group of hackers quickly converted the proceeds through a complex network of crypto-asset accounts to avoid seizure. They even hire teams to handle public relations and recruiting.
Conti is said to be a major force in the cybercrime underworld. According to Singapore-based analytics platform DarkTracer, of all the companies publicly known to have been victims of ransomware, around 20%, or 824 businesses, were victims of this hacker organization.
The US government recently offered a $10 million reward for information that helps identify and locate Conti ringleaders.
With Conti taking a pro-Russian stance in the conflict with Ukraine, pro-Kiev members retaliated by disclosing the group’s internal chat log data. This data spans the period from June 2020 to March 2022, and includes 170,000 messages written entirely in Russian.
The conversations involve about 350 participants. Of these, 35 members posted more than 1,000 messages, while 30% of participants posted 100 messages or fewer.
According to Nikkei, Takashi Yoshikawa, a malware analyst at cybersecurity firm Mitsui Bussan Secure Directions, said the conversations show what goes on behind the scenes of Conti’s illegal activities.
“The chats seem to be original,” said Yoshikawa. They include details of the specific attack targets as well as the virus source code used in the attacks.
At the time the chat logs were leaked, Conti had 645 digital wallets, containing a total of 2,321 Bitcoins, worth more than $90 million. Of these, the organization holds at least 1,953 Bitcoins, more than $77 million, in ransom or transfers from outside groups.
The wallet that received the most deposits took in about 23 million USD from September to November 2020 over many transfers, each of nearly 8 million USD. This amount was then disbursed to various wallets.
“The funds are transferred in a short time to avoid being traced by the authorities, then converted into cash at exchanges or assets on the dark web,” explained Yoshikawa.
Operate like a business
Some members are responsible for overseeing key tasks such as public relations and personnel management. Conti has “rotated” through many active members who are proficient in programming and other skills, similar to hiring contract workers.
In some cases, members are not even aware they are engaging in illegal activities. The organization also established an underground business to support the regime for those with the skill sets that helped the group organize a successful attack.
Conti’s activities since 2020 are just the tip of the iceberg of cybercriminal activities. Blackmail attacks alone have doubled in the last year, to 623 million cases globally, according to cybersecurity firm SonicWall. In recent months, Toyota Motor has suffered an attack that briefly halted its supply chain.
Cybersecurity firm Check Point Software Technologies estimates that the financial damage caused by the system’s outage, along with attorneys’ fees and other costs, is about seven times more than the amount paid to hackers.
According to Nikkei Asia