Many members of Conti are believed to be based largely in Russia or surrounding areas. For years, the Kremlin has largely turned a blind eye to cybercriminals based within the country, making it a home base for a number of ransomware groups. The leaked Conti Files revealed that some high-level members of the gang appear to have connections to the Russian state and security services. Some members of the group have chatted about working on “political” topics and knowing members of the Russian hacking group Cozy Bear, also known as Advanced Persistent Threat 29.
“Conti has publicly acknowledged its connection to foreign governments, particularly its support of the Russian government,” says US Air Force major Katrina Cheesman, a spokesperson for the Cyber National Mission Force. “Based on its ties to Conti and other indicators, it’s assessed the leadership of the organized crime group known as Wizard Spider likely have a connection to government entities within Russia,” Cheesman adds.
Since the Conti Files were leaked in early March, a number of cybersecurity firms have pored over the documents. It’s believed that Professor, who is included in the reward program’s call for information and is also involved in Trickbot, oversees much of the ransomware deployment and is a “key player” in the operation, according to security experts. In other cases, several online monikers used by actors of the Conti group may, in fact, be the same person.
Aside from the Conti Files, there have been other leaks from the broader cybercrime syndicate. Earlier this year, a Twitter account called Trickleaks began posting the alleged names and personal details of Trickbot members. The doxxing, which has not been independently verified but is believed to be at least partly accurate, shows photos of alleged members and their social media accounts, passport details, and more.
Jeremy Kennelly, a senior manager in financial crime analysis at cybersecurity firm Mandiant, says that continued action against Conti and Trickbot is “important” in helping to stop ransomware groups from making money and attacking businesses. “Stripping anonymity from key players, offering bounties, seizing illicit funds, and making public declarations of intent are important actions that will help to increase the real and perceived risks of participating in ransomware operations, and may ultimately lead to a chilling effect among some criminal actors and/or organizations,” Kennelly says.
The Rewards for Justice officials say that they will be publishing their call for information about the Conti members in several different languages and urge people to get in touch via a Tor link. All of the tips it receives will be verified, and several steps have to be passed before a payment is made. They say it’s theoretically possible that multiple $10 million rewards could be issued. They’re particularly targeting Russian-language online spaces, saying the reward details will be posted to the Russian social network VK and also to hacking forums.
In recent weeks, Conti’s activities have dwindled, as it’s believed the group is trying to rebrand following the leaking of its internal chats. However, many of the members are still thought to be active and involved in other cybercrime efforts. These sorts of ransomware attacks can have a huge impact on businesses and wider society.
“While these are not state-sponsored groups, they routinely carry out attacks as impactful as any nation state group and they need to be treated as such,” says Allan Liska, an analyst for the security firm Recorded Future who focuses on ransomware. “This likely won’t lead to the arrest of members of Conti, unless any of them are dumb enough to step foot outside of Russia. The intelligence that can be gathered through this reward may prove to be invaluable.”