Conti ransomware group officially shuts down - but probably not for long
The Conti group is splitting up, but says it will continue to operate
One of the world’s most famous ransomware threat actors, Conti, is breaking up - however there is very little reason to celebrate.
As reported by cybersecurity researchers from AdvancedIntel, the group’s internal infrastructure, including Tor admin panels used for content publishing and negotiations, has been shut down. What’s more, BleepingComputer found that other internal services (such as rocket chat servers) are being decommissioned, as well.
But this doesn’t mean the people behind the name will drop the world of cybercrime altogether. Instead, they’ll be partnering with other, smaller ransomware groups, creating a whole swathe of ransomware groups, all reporting to a central figure.
At “war” with Costa Rica
Not only will they continue attacking businesses everywhere, but being broken up into semi-autonomous entities will make them more agile, and consequently - a bigger threat.
Among the groups Conti’s members joined forces with are HelloKitty, AvosLocker, Hive, BlackCat, BlackByte, and others, Advanced Intel claims. What’s more, new autonomous groups were built, whose key goals will be data exfiltration. Some of them are Karakurt, BlackByte, and the Bazarcall collective.
Conti is one of the world’s most well-known cybercrime groups. It’s one of the first groups to publicly express its support for the Russian invasion of Ukraine, which didn’t sit well with many of its partners and peers. Other ransomware groups and threat actors ended up publishing its source code and internal chats online.
At the moment, Conti is engaged in a full-blown cyber-war with the government of Costa Rica, hitting 27 government institutions including municipalities, utilities, and the Ministry of Finance, in a recent attack.
However, researchers believe that the attack was a “facade of live operation” while it pivots towards smaller entities.
“The only goal Conti had wanted to meet with this final attack was to use the platform as a tool of publicity, performing their own death and subsequent rebirth in the most plausible way it could have been conceived,” Advanced Intel’s report states.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.