The Conti ransomware group closes its showcase site


Conti site becomes unresponsive: According to several security researchers, the Tor site used by the cybercriminal group Conti has not been working since last Wednesday.

On this site, the group’s cybercriminals had previously announced their new victims, generally infected with ransomware produced by the group. They also published the data stolen by the group’s affiliates during the intrusions.

The site was thus used to force the victims' hand: they were threatened with the publication of their data if they did not agree to pay the ransom demanded by Conti.

More than 800 victims worldwide

Active since the beginning of 2020, although some versions of its malware were detected at the end of 2019, the Conti group notably distinguished itself by attacking the Irish health service and paralyzing its systems.

Among its other exploits, the group also claimed on its site the hacking of the French company Assu2000 and more than 800 victims around the world. The exact number of Conti victims is nevertheless thought to be higher, since the victims displayed on the site are mainly those who refused to pay the ransoms demanded by the group.

Conti operates on a Ransomware-as-a-Service model: the group rents its software to other cybercriminal groups, and then arranges to share the extorted ransoms.

Conti’s end

Despite this apparent hyperactivity, the Conti group's strategy has reached a turning point since the beginning of 2022. The organization had come out clearly in favor of the Russian invasion of Ukraine, a position that earned it the ire of a security researcher. At the beginning of February, that researcher published a large archive of the group's internal communications, revealing the well-established functioning of the organization and its links with other cybercriminal groups.

In May, according to information obtained by the cybersecurity company AdvIntel, the leaders of the group announced the end of the Conti “brand”. They then invited the members of the group to join several other cybercriminal organizations close to it. This was a way to let the Conti entity, which had become too visible, be forgotten, and to spread within a new cybercriminal ecosystem while maintaining the links between the members of the organization.

According to AdvIntel researchers, the end of Conti’s activity is therefore only a maneuver aimed at avoiding a police takedown like the one that struck the REvil/Sodinokibi group in February 2022. Closing the showcase site used by Conti is therefore only the last step in this strategy.




