Former Conti actors remain active in the cybercrime underworld following the group’s announcement that it stopped operations in May this year. This is according to a new report by Intel 471, which analyzed the activities of former Conti-affiliated actors over the previous two months.
In February 2022, a large amount of internal chat data from the notorious ransomware outfit was leaked by a Ukrainian researcher after the group made an aggressively pro-Russia statement in the wake of the invasion of Ukraine. This provided detailed insights into Conti’s operations.
Subsequently, the ransomware gang, responsible for many high-profile attacks in recent years, officially shut down its operation, with its infrastructure taken offline.

Now, Intel 471 researchers have tracked the paths taken by former gang members since May, observing them “splinter and move in diverse directions within the cybercrime underground.” This includes becoming independent contractors or small syndicates, using skills and techniques previously used by Conti, such as network access or data theft. Others appear to be working with other Ransomware-as-a-Service groups, “building on particular person interactions that were cultivated during Conti’s existence.”
Intel 471 said: “Whatever route former Conti-affiliated actors have preferred, they are still focused on building profits and staying out of law enforcement custody, as they go past the data leaks and subsequent media focus of the previous several months.”
The researchers have observed signs of overlap between several ransomware gangs and Conti in the tactics, techniques and procedures (TTPs) used. This is notable in areas like data leak blogs, payment sites, recovery portals, victim communications and negotiation methods, suggesting these groups may have become rebranded Conti operations.
These include the Black Basta ransomware gang, which began operations a month before Conti’s shutdown; BlackByte, which has been active since August 2021; and Karakurt, a group primarily responsible for data theft and extortion schemes. In the latter case, Intel 471 researchers observed the two groups used the same attacker hostname and the same exfiltration and remote access methods. In addition, they observed cryptocurrency transfers between wallets tied to Karakurt and Conti.
Intel 471 also expects other Conti operators will bring their skills to other RaaS groups “to distance themselves from Conti’s perceived pro-Russian stance.”
The report concluded: “The ContiLeaks were a mortal blow to the Conti group, exposing sufficient information to make the group’s ongoing operation untenable. Nevertheless, even with the leaks, there were steps Conti took that enabled the ransomware group to remain resilient and continue parts of its operation. Intel 471 believes it is highly likely the most prolific members of the group will continue to operate, successfully conducting illicit cyber activity. Additionally, when the negative media attention dissipates, it is possible that Conti operators will seek to regroup into an organization similar to the structure it once held.”
Some parts of this article are sourced from:
www.infosecurity-journal.com