Conti Ransomware is no more!
The notorious Conti ransomware gang has officially shut down its operation, and its internal infrastructure is already offline.
This information comes from Advanced Intel's Yelisey Boguslavskiy, who tweeted that Conti's internal infrastructure had been turned off.
"Today the official website of Conti #Ransomware was shut down, marking the end of this notorious crime group; it is truly a historic day in the #intelligence community!" Boguslavskiy tweeted.
But are we completely safe now?
Conti Ransomware May Be Gone, But the Operation Continues
Despite the shutdown of the Conti brand, the cybercrime syndicate behind it is expected to remain a significant player in the ransomware ecosystem for a long time to come.
According to Boguslavskiy, the Conti leadership has partnered with smaller ransomware gangs to conduct attacks instead of rebranding as another large ransomware operation.
The smaller ransomware gangs gain an inflow of experienced Conti pentesters, negotiators, and operators under this partnership.
By splitting into smaller "cells," the Conti syndicate gains mobility and is better able to evade law enforcement, while the cells remain managed by the central leadership.
According to the Advanced Intel report, as relayed by BleepingComputer, Conti has partnered with numerous well-known ransomware operations, including HelloKitty, AvosLocker, Hive, BlackCat, BlackByte, and others.
The existing Conti members, including negotiators, intel analysts, pentesters, and developers, are scattered throughout other ransomware operations.
These members now work behind other operations' encryptors and negotiation sites, but they remain, in fact, part of the larger Conti syndicate.
According to Advanced Intel, as reported by BleepingComputer, new autonomous groups formed by Conti members focus entirely on data exfiltration rather than data encryption. Some of these groups include Karakurt, BlackByte, and the BazarCall collective.
The existing cybercrime syndicate will continue operating through this move but no longer under the Conti name.
Tor Admin Panels and Other Internal Services of Conti Ransomware Now Inactive
According to BleepingComputer, Boguslavskiy said that while the public-facing 'Conti News' data leak site and the ransom negotiation site are still online, the Tor admin panels used by members to conduct negotiations and publish "news" on the leak site are now offline.
BleepingComputer was also told that other internal services, such as the gang's Rocket.Chat servers, are being taken offline.
Conti shutting down in the middle of its information war with Costa Rica is unusual. But according to Boguslavskiy, Conti staged this very public attack to maintain the appearance of a live operation while its members slowly migrated to other, smaller ransomware operations.
"However, AdvIntel's unique adversarial visibility and intelligence findings led to, what was in fact, the opposite conclusion: The only goal Conti had wanted to meet with this final attack was to use the platform as a tool of publicity, performing their own death and subsequent rebirth in the most plausible way it could have been conceived," according to a report by Advanced Intel, as cited by the BleepingComputer.
Furthermore, Advanced Intel added that the plan to attack Costa Rica for publicity rather than for ransom was declared internally by the Conti leadership.