Blog
Conti Ransomware Gang falls apart
Conti ransomware gang was infamously known as one of the most sophisticated adopters of ransomware-as-a-service (RaaS) model, earning them 180 million USD only in 2021. However, due to the recent Russian invasion on Ukraine, the foundations of the group started to tremble. Soon we were witness of Conti internal leaks by one of their members, […]
Conti ransomware gang was infamously known as one of the most sophisticated adopters of ransomware-as-a-service (RaaS) model, earning them 180 million USD only in 2021. However, due to the recent Russian invasion on Ukraine, the foundations of the group started to tremble. Soon we were witness of Conti internal leaks by one of their members, who disagreed with Conti’s public statement that they are backing Russia in the new conflict. This indicated that Conti ransomware gang had members from both Russia and Ukraine.
Now, Advanced Intel’s Yelisey Boguslavskiy reported via Twitter that Conti gang officially ended their operations. Their official website was shut down, the Tor admin panels which were used for negotiation are also offline, but the public-facing Conti News dark web website is still online – this is the data leak website.
New cells and mergers
Even though Conti as a brand came to an end, there are already indications that the ex-members will not retire. Instead, they are partnering with other smaller ransomware gangs which will benefit from Conti members’ technical expertise, while the ex-members will evade the spotlights for a while. It is possible that the Conti management will still manage all the cells from central leadership.
Advanced Intel reported that they believe the group split into two smaller semi-autonomous and autonomous groups, where latter focuses mostly on data exfiltration, without data encryption.
While it may seem as good news for the IT public that Conti is no more, the scattering into smaller groups may prove to be even more dreadful in the future. However, it does pose a big challenge on Conti’s leadership to keep the ties together between the cells. Some members might lose interest and motivation working with new people, who do not necessary share the same vision and goals as they do. Only time will tell and we will be on look out for new intelligence about it.
About the author
David Kasabji
Head of Threat Intelligence
David Kasabji is the Head of Threat Intelligence at the Conscia Group. He leads the development and delivery of actionable intelligence across cyber defense and managed security operations, translating complex threat activity into clear outcomes for different audiences — from SOC analysts and incident responders to executive stakeholders and external communications. His work spans end-to-end intelligence operations: collection and analysis of adversary activity, threat actor and campaign profiling, IOC and TTP development, and intelligence-driven guidance for detection, threat hunting, and security prioritization. David is also actively involved in Digital Forensics and Incident Response, supporting investigations and crisis situations with rapid triage, context, and strategic recommendations. A strong focus of his role is continuously improving how intelligence is operationalized through standardization and automation to ensure it is timely, relevant, and measurable.nd strategic crisis management during incidents.
Related
