Leaked Conti files reveal life inside ransomware gang • The Register

It was a Ukrainian security researcher who apparently turned the tables on the infamous Russia-based Conti, leaking the ransomware gang's source code, chat logs, and a great deal of other sensitive data about the gang's operations, tools, and costs.

Since then, infosec researchers across the globe have been wading through this trove of intelligence, which reveals the inner workings of the criminal enterprise.

“I call this the Panama Papers of ransomware,” Trellix's head of cyber investigations John Fokker told The Record. Trellix is the cybersecurity firm previously known as the combined McAfee Enterprise and FireEye.

Conti, it should be said, has the ransomware business model down to a science. It extorted an estimated $180m last year, making it the most profitable ransomware operation of 2021, according to the latest Crypto Crime Report from security shop Chainalysis. As of late February, Conti's main Bitcoin address held more than $2bn in cryptocurrency, according to a Rapid7 report.

But, as with any business, it incurs significant expenses from paying employee salaries in BTC and from maintaining its infrastructure, according to data security biz Varonis.

“In addition to renting virtual private servers (VPS), favoring providers that accept Bitcoin, the group most likely maintains VPN subscriptions to preserve a layer of anonymity when conducting their operations, as well as subscriptions to or purchases of various security products,” it wrote.

Other leaked documents provide insight into the ransomware gang's hirings and firings, according to research by forensics firm BreachQuest. The security vendor published a detailed Conti org chart that shows Stern, “the big boss,” at the top, with lieutenants responsible for HR and recruitment, blogging and negotiating, training, and blockchain wrangling, plus teams beneath them.

It seems that even criminal operations are having difficulty hiring and keeping good staff these days. “Conti understands that the turnover ratio of employees is also very high due to the fact that they're running a criminal organization,” BreachQuest wrote. “The Conti group has an HR/Recruiter that assists with the continuous finding and recruitment of new candidates.”

While Conti has been known for big game hunting (focusing on high-value targets that will likely pay big bucks to get their encrypted data restored, or to prevent exfiltrated information from being publicly leaked), BreachQuest goes into detail about how Conti ensures that its processes pay off:

CyberArk posted its own analysis of the Conti leaks, and says the information can help organizations defend themselves. One of the data dumps included 12 git repositories of what is said to be internal Conti software.

“Upon quick inspection of these repositories, most of the code appears to be open-source software that is used by the Conti group,” the analysis said. “For instance, yii2 or Kohana is used as part of (what seems to be) the admin panel. The code is mostly written in PHP and is managed by Composer, except for one repository of a tool written in Go.” ®
