Conti Ransomware Has Shut Down Sites Used for Data Leaks, Negotiations with Victims

Conti ransomware group has shut down their cybercrime operations.

The group is bringing the notorious cybercrime brand's final chapter to a close. Last month, Conti ransomware made headlines after launching a cyberattack on Costa Rica.

This later prompted the government of the country to declare a state of emergency. This was done at the time when Rodrigo Chaves was declared the 49th president of Costa Rica.

Conti was able to breach and obtain numerous public records from government agencies like the Ministry of Finance, Ministerio de Hacienda, the Ministry of Labor and Social Security, the Social Development and Family Allowances Fund, and the Interuniversity Headquarters of Alajuela, SIUA.

Conti Is Laying Low

Conti has been reported, for quite some time now, to be in the process of seizing their operations.

BleepingComputer reported that the group started telling its members that they were decommissioning internal infrastructure.

This includes disposing of their communication and storage servers.

Nevertheless, Conti left one member afterwards to continue leaking data and taunting Costa Rica to create a façade of an operating organization while its members silently transferred to other ransomware groups.

As reported by Advanced Intel,Conti's only primary objective with this final attack was to use the platform as a tool for publicity.

This is for them to perform their own death and subsequent rebirth in the most plausible way possible.

Despite appearing to be an active hacking group from the outside, Conti has no longer carried out further attacks.

BleepingComputer stated, "To confuse researchers and law enforcement, this Conti member released the same victim's data on both their site and Hive's data leak site, where he is also an affiliate."

In the end, this was nothing more than an elaborate hoax, with the remaining portion of the Conti ransomware entering or even assuming control of the activities of other ransomware.

Conti's Cybercrime Rebrand

Conti ransomware gained authority over time through a series of successfully orchestrated attacks on large organizations and businesses.

The group became a large syndicate in the industry.

However, during the geopolitical conflict between Russia and Ukraine, a Ukrainian security researcher leaked massive amounts of data from the group.

iTechpost previously reported that the leaked files consisted of 170,000 internal chat conversations, 400 files containing tens of thousands of internal chat logs, and source code.

The report added, "From January 2021 to January 2021, the data includes approximately a year's worth of messages, which corresponds to approximately six months after the group's formation in mid-2020."

This became a huge embarrassment for the elite hacking group, which eventually led to law enforcement detecting them.

Read Also: Cybersecurity Hackers Defending Ukraine After Conti Ransomware Gang Sides With Russia

Conti Ransomware Takeover

Conti ransomware on the outside might look like it is shutting down on the outside, but as reported, the cybercrime syndicate might still be operating.

The members of the gang have now fragmented into smaller cells, which have either taken over pre-existing ransomware operations or infiltrated those of other organizations.

By dispersing their members throughout a number of distinct gangs, ransomware organizations are able to avoid having their entire operation brought to a halt in the event that a single cell or ransomware gang is taken down by law enforcement authorities.

Despite this, these members continue to show their commitment to the syndicate, which is managed by a small team of administrators.

The same report also stated that a few members of the Conti ransomware created their own data extortion operations like the Bazaracall collective, Karakurt, and BlackByte.

Members also spread out to other groups, like Hello Kitty, AvosLocker, BlackCat, Hive, and Quantum.

Related Article: Conti Ransomware Strikes Again - Costa Rica Declares National Emergency for the Cyberattacks

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Company from iTechPost

More from iTechPost