Many members of Conti are believed to be based mostly in Russia or surrounding areas. For years, the Kremlin has largely turned a blind eye to cybercriminals based mostly within the country, making it a home base for a number of ransomware groups. The leaked Conti Files revealed that some high-level members of the gang appear to have connections to the Russian state and security services. Members of the group have chatted about working on “political” topics and knowing members of the Russian hacking group Cozy Bear, also known as Advanced Persistent Threat 29.
“Conti has publicly acknowledged its reference to international governments, particularly its support of the Russian authorities,” says US Air Force major Katrina Cheesman, a spokesperson for the Cyber National Mission Force. “Primarily based on its ties to Conti and different indicators, it’s assessed that the management of the organized crime group often called Wizard Spider probably have a connection to government entities within Russia,” Cheesman adds.
Since the Conti Files were leaked in early March, a number of cybersecurity companies have pored over the documents. It’s believed that Professor, who’s included in the reward program’s call for information and is also involved in Trickbot, oversees much of the ransomware deployment and is a “important participant” in the operation, according to security experts. In other cases, a number of online monikers used by actors of the Conti group may, in fact, refer to the same person.
Apart from the Conti Files, there have been other leaks from the broader cybercrime syndicate. Earlier this year, a Twitter account called Trickleaks began posting the alleged names and personal details of Trickbot members. The doxxing, which has not been independently verified but is believed to be at least partly accurate, shows photos of alleged members and their social media accounts, passport details, and more.
Jeremy Kennelly, a senior manager in financial crime analysis at cybersecurity firm Mandiant, says that continued action against Conti and Trickbot is “crucial” in helping prevent ransomware groups from making money and attacking businesses. “Stripping anonymity from key players, providing bounties, seizing illicit funds, and making public declarations of intent are essential actions that will help to increase the actual and perceived dangers of taking part in ransomware operations and should finally result in a chilling effect among some criminal actors and/or organizations,” Kennelly says.
The Rewards for Justice officials say that they will be publishing their call for information about the Conti members in a number of languages and urge people to get in touch via a Tor link. All of the tips they receive will be verified, and any lead must pass a number of steps before a payment is made. They say it’s theoretically possible that a number of $10 million rewards could be issued. The officials are specifically targeting Russian-language online spaces, saying the reward details will be posted to Russian social network VK and also hacking forums.
In recent weeks, Conti’s activities have dwindled, as it’s believed the group is trying to rebrand following the leak of its internal chats. However, many of the members are still thought to be active and involved in other cybercrime efforts. These kinds of ransomware attacks can have a big impact on businesses and wider society.
“Whereas these are usually not state-sponsored groups, they routinely carry out attacks as impactful as any nation-state group, and they have to be treated as such,” says Allan Liska, an analyst for the security firm Recorded Future who specializes in ransomware. “This probably won’t result in the arrest of members of Conti, unless any of them are dumb enough to step foot outside of Russia. The intelligence that may be gathered by way of this reward may prove to be invaluable.”