When you say "ransomware group," what comes to your mind? Is it a bunch of hackers cooped up in a dingy basement, where there's barely any sunlight or hint of organization? Well, that stereotype might not fly with this specific collective.
hacker
A leak implicating the notorious Conti ransomware group paints a very different image of the organization as a whole. According to a report by CNBC, Conti reportedly has an HR department, employee performance reviews, and even "employee of the month" awards for its workers.
The leak comes from data sourced by the FBI, all of which were analyzed by cybersecurity experts. After emerging back in 2020, the Conti ransomware group has actually grown to be one of the biggest in the world: boasting around 350 members and having made roughly $2.7 billion in cryptocurrency so far.
To be as successful as they are, Conti is allegedly structured like a regular tech company. Aside from the top management, finance, and HR departments, the organization also has teams complete with team leaders who report to the upper echelons. They even have an RND department.
Furthermore, the leaked documents also seem to reveal that the group has actual, physical offices in Russia and could even be tied to the Russian government.
The Reason For The Leak
A ransomware group like Conti would not be too willing to let these bits of information slip out. As such, cybersecurity research firm Cyberint theorizes that the leak is an "act of revenge" following the group's decision to side with Russia in the wake of the invasion of Ukraine.
Before the leaks, Conti was considered one of the most popular ransomware collectives of the modern era. They completed 600 successful campaigns last year and "stoked fear within every organization worldwide, according to Cyberint.
Read Also: Conti Ransomware Group Helping Russia? 60,000 Files, Chat Messages Reveal Alarming Details
But soon after the group's senior management posted a pro-Russia message, an alleged former member of the team proceeded to leak "every piece of information" he's gathered over the past two years of the ransomware group's operations.
Russian President Vladimir Putin speaks to the media with Hungarian Prime Minister Viktor Orban at Parliament on February 17, 2015 in Budapest, Hungary. Putin is in Budapest on a one-day visit, his first visit to an EU-member country since he attended ceremonies marking the 70th anniversary of the D-Day invasions in France in June, 2014.
'Employees' Are Unaware
It is very unlikely for a ransomware group like Conti to have such a public face (if the rumors about physical offices are true). As per the research firm Check Point Software Technologies, they have "evidence" that not all employees are even aware that they're working for a cybercrime group. Instead, they think they're employed by an advertising company.
Check Point says that employees are mostly kept in the dark about what really happens within, and this is evident in the group's "hiring" process. In one online job interview, a potential hire was allegedly told that "everything is anonymous" at Conti , with the company's main direction being just the development of software for "pentesters." Pentesters or "penetration testers" are real cybersecurity specialists whose jobs involve simulating cyberattacks against their employers' networks.
People work at computers during the 10th International Cybersecurity Forum in Lille on January 23, 2018. / AFP PHOTO / Philippe Huguen
Either way, there are reports that the group is currently having troubles staying afloat. The salary payments have stopped, people were getting arrested, and there was no leadership figure within the group. However, the "company" is still in partial operation and there are rumors that it could rise again and regain the power and influence it has lost.
Related Article: Conti Ransomware Hits Delta Electronics | $15 Million Ransom Asked For Device Decryption
This article is owned by Tech Times
Written by RJ Pierce
