Conti Ransomware Gang

Threat Actor updated 4 months ago (2024-05-04T17:53:08.217Z)
The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested that the development of Trickbot, a powerful malware, was "acquired" by the Conti gang, further increasing its capabilities. This situation prompted the U.S. Department of State to offer a reward of $15 million to identify co-conspirators and provide information about anyone planning or attempting to participate in a Conti ransomware attack.

In early 2022, a new group named Royal Ransomware emerged, composed of veterans from the Conti gang. This group has been launching attacks on US-based healthcare organizations, with a recent focus on Linux systems. However, the situation took a dramatic turn when Russia invaded Ukraine. On February 24, 2022, the day after the invasion began, the Conti gang declared its full support for the Russian government, pledging to use all possible resources to strike back at the critical infrastructures of any enemy. Although the group later condemned the war, the damage had already been done. A significant blow to the Conti gang came when their internal communications were leaked by a Ukrainian researcher following their declaration of support for Russia, an event known as the Conti Leaks.

Additionally, in March 2023, the FBI reported that LockBit, another ransomware group, had assembled a team of experts for their research and development efforts, particularly after separating from the Conti gang. These developments indicate a shifting landscape in the world of cyber threats, with the potential for new actors and alliances to emerge.
Description last updated: 2023-10-10T19:15:30.906Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Cybercrime
Russia
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Conti | Unspecified | 3 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was |
| Black Basta | Unspecified | 2 | Black Basta is a notorious malware group known for its ransomware activities. The group has been active since at least early 2022, during which time it has accumulated an estimated $107 million in Bitcoin ransom payments. It leverages malicious software to infiltrate and exploit computer systems, of |
| TrickBot | Unspecified | 2 | TrickBot is a notorious malware that has been used extensively by cybercriminals to exploit and damage computer systems. It operates as a crimeware-as-a-service platform, infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can stea |
| QakBot | Unspecified | 2 | Qakbot is a type of malware that has been linked to various cybercriminal activities, with its presence first observed as early as 2020. It gained notoriety for its role in the operations of the Black Basta ransomware group, which used Qakbot extensively in sophisticated phishing campaigns. The malw |
Source Document References
Information about the Conti Ransomware Gang Threat Actor was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | a year ago | OSINT Round-Up of Russia-Based High-Profile Cybercriminals |
| Krebs on Security | a year ago | U.S. Hacks QakBot, Quietly Removes Botnet Infections |
| CSO Online | a year ago | Russian hacktivists deploy new AresLoader malware via decoy installers |
| Krebs on Security | 2 years ago | U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group |
| CERT-EU | 2 years ago | 4 Recent Ransomware Attack Examples \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware - National Cyber Security Consulting |
| CERT-EU | 2 years ago | Warning issued over ransomware attacks targeting VMware ESXi servers globally |
| CERT-EU | 2 years ago | Russian cybercrime alliances upended by Ukraine invasion |
| CERT-EU | 2 years ago | Russian cybercrime alliances upended by Ukraine invasion |
| CERT-EU | a year ago | Apple M1 Chips face LockBit Ransomware threat in development - Cybersecurity Insiders |
| CERT-EU | a year ago | The U.S. Looks to Direct Cyber Engagement to Reestablish Its Leadership Position |
| CERT-EU | a year ago | US, Latin America Seek to Boost Cybersecurity |
| CERT-EU | a year ago | Hackers threaten to dump data stolen from Auckland University of Technology \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | a year ago | Bumblebee Loader Resurfaces in New Campaign |
| Securityaffairs | a year ago | UK and US sanctioned 11 members of Russia-based TrickBot gang |
| CERT-EU | a year ago | Russians who deployed ransomware against hospitals are charged \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| Securityaffairs | a year ago | The intricate relationships between the FIN7 group and members of the Conti gang |
| CERT-EU | a year ago | 3 Malware Loaders Detected in 80% of Attacks: Security Firm |
| CERT-EU | a year ago | A secondhand account of the worst possible timing for a scammer to strike |
| CERT-EU | a year ago | UK, US sanction Conti and Trickbot ransomware gang members \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | a year ago | The Conti Ransomware Gang and the Trickbot Cybercrime Enterprise XMPP's and Jabber Account IDs \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |