Conti Ransomware Gang

Threat Actor updated 7 months ago (2024-05-04T17:53:08.217Z)
The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested that the development of Trickbot, a powerful malware, was "acquired" by the Conti gang, further increasing its capabilities. This situation prompted the U.S. Department of State to offer a reward of $15 million to identify co-conspirators and provide information about anyone planning or attempting to participate in a Conti ransomware attack.

In early 2022, a new group named Royal Ransomware emerged, composed of veterans from the Conti gang. This group has been launching attacks on US-based healthcare organizations, with a recent focus on Linux systems.

However, the situation took a dramatic turn when Russia invaded Ukraine. On February 24, 2022, the day after the invasion began, the Conti gang declared its full support for the Russian government, pledging to use all possible resources to strike back at the critical infrastructures of any enemy. Although the group later condemned the war, the damage had already been done. A significant blow to the Conti gang came when their internal communications were leaked by a Ukrainian researcher following their declaration of support for Russia, an event known as the Conti Leaks.

Additionally, in March 2023, the FBI reported that LockBit, another ransomware group, had assembled a team of experts for their research and development efforts, particularly after separating from the Conti gang. These developments indicate a shifting landscape in the world of cyber threats, with the potential for new actors and alliances to emerge.
Description last updated: 2023-10-10T19:15:30.906Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Cybercrime
Russia
Associated Malware
Alias | Description | Association Type | Votes
Conti | The Conti Malware is associated with Conti Ransomware Gang. Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several ra | Unspecified | 3
Black Basta | The Black Basta Malware is associated with Conti Ransomware Gang. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses | Unspecified | 2
TrickBot | The TrickBot Malware is associated with Conti Ransomware Gang. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev, | Unspecified | 2
QakBot | The QakBot Malware is associated with Conti Ransomware Gang. Qakbot is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, or hold data for ransom. Built by d | Unspecified | 2
Source Document References
Information about the Conti Ransomware Gang Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At
CERT-EU | a year ago
Krebs on Security | a year ago
CSO Online | 2 years ago
Krebs on Security | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
Securityaffairs | a year ago
CERT-EU | a year ago
Securityaffairs | 2 years ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago