Conti Ransomware Gang

Threat Actor Profile Updated 24 days ago
The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested that the development of Trickbot, a powerful malware, was "acquired" by the Conti gang, further increasing its capabilities. This situation prompted the U.S. Department of State to offer a reward of $15 million to identify co-conspirators and provide information about anyone planning or attempting to participate in a Conti ransomware attack.

In early 2022, a new group named Royal Ransomware emerged, composed of veterans from the Conti gang. This group has been launching attacks on US-based healthcare organizations, with a recent focus on Linux systems. However, the situation took a dramatic turn when Russia invaded Ukraine. On February 24, 2022, the day after the invasion began, the Conti gang declared its full support for the Russian government, pledging to use all possible resources to strike back at the critical infrastructures of any enemy. Although the group later condemned the war, the damage had already been done. A significant blow to the Conti gang came when their internal communications were leaked by a Ukrainian researcher following their declaration of support for Russia, an event known as the Conti Leaks.

Additionally, in March 2023, the FBI reported that LockBit, another ransomware group, had assembled a team of experts for their research and development efforts, particularly after separating from the Conti gang. These developments indicate a shifting landscape in the world of cyber threats, with the potential for new actors and alliances to emerge.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Cybercrime
Russia
Associated Malware
ID           Type         Votes  Profile Description
Conti        Unspecified  3      Conti is a malware program known for its disruptive capabilities, including stealing personal information and holding data hostage for ransom. It gained notoriety as part of the arsenal of ITG23, a cybercrime group that used it in conjunction with other malicious software like Trickbot, BazarLoader,
Black Basta  Unspecified  2      Black Basta is a malicious ransomware program that has been active since April 2022. It operates using a double-extortion attack model, infecting systems and holding data hostage for ransom. The malware typically infiltrates systems through suspicious downloads, emails, or websites, often without th
TrickBot     Unspecified  2      TrickBot is a notorious malware that has gained prominence due to its destructive capabilities. This malicious software, designed to exploit and damage computer systems, infiltrates devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, TrickBot c
QakBot       Unspecified  2      Qakbot, also known as QBot, is a type of malware that is designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data
Associated Threat Actors
ID           Type         Votes  Profile Description
No associations to display
Associated Vulnerabilities
ID           Type         Votes  Profile Description
No associations to display
Source Document References
Information about the Conti Ransomware Gang Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source             Created       Title
CSO Online         a year ago    Russian hacktivists deploy new AresLoader malware via decoy installers
CERT-EU            9 months ago  Qakbot Cracked: FBI and Friends Hack the Hackers
Securityaffairs    9 months ago  UK and US sanctioned 11 members of Russia-based TrickBot gang
Krebs on Security  9 months ago  U.S. Hacks QakBot, Quietly Removes Botnet Infections
CERT-EU            9 months ago  UK, US sanction Conti and Trickbot ransomware gang members | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU            9 months ago  The Conti Ransomware Gang and the Trickbot Cybercrime Enterprise XMPP's and Jabber Account IDs | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU            9 months ago  US and UK sanction 11 TrickBot and Conti cybercrime gang members
CERT-EU            a year ago    US Gives Costa Rica $25M For Eradication Of Conti Ransomware | IT Security News
CERT-EU            8 months ago  US, Latin America Seek to Boost Cybersecurity
CERT-EU            a year ago    Warning issued over ransomware attacks targeting VMware ESXi servers globally
Securityaffairs    a year ago    The intricate relationships between the FIN7 group and members of the Conti gang
CERT-EU            8 months ago  Hackers threaten to dump data stolen from Auckland University of Technology | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU            9 months ago  A secondhand account of the worst possible timing for a scammer to strike
CERT-EU            8 months ago  Bumblebee Loader Resurfaces in New Campaign
CERT-EU            9 months ago  3 Malware Loaders Detected in 80% of Attacks: Security Firm
CERT-EU            a year ago    Russian cybercrime alliances upended by Ukraine invasion
CERT-EU            a year ago    Get a $10m reward for information about Clop Ransomware Gang - Cybersecurity Insiders
CERT-EU            a year ago    Russian cybercrime alliances upended by Ukraine invasion
Krebs on Security  a year ago    U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group
CERT-EU            a year ago    Apple M1 Chips face LockBit Ransomware threat in development - Cybersecurity Insiders