The Conti ransomware gang was infamously known as one of the most sophisticated adopters of the ransomware-as-a-service (RaaS) model, earning 180 million USD in 2021 alone. However, following the recent Russian invasion of Ukraine, the foundations of the group started to tremble. Soon we witnessed internal Conti leaks by one of their members, who disagreed with Conti’s public statement that they were backing Russia in the new conflict. This indicated that the Conti ransomware gang had members from both Russia and Ukraine.
Now, Advanced Intel’s Yelisey Boguslavskiy has reported via Twitter that the Conti gang has officially ended its operations. Its official website was shut down and the Tor admin panels that were used for negotiation are also offline, but the public-facing Conti News dark web website, which is the data leak website, is still online.
New cells and mergers
Even though Conti as a brand has come to an end, there are already indications that the ex-members will not retire. Instead, they are partnering with other, smaller ransomware gangs, which will benefit from the Conti members’ technical expertise, while the ex-members stay out of the spotlight for a while. It is possible that Conti’s management will still direct all the cells from a central leadership.
Advanced Intel reported that it believes the group split into two smaller semi-autonomous and autonomous groups, where the latter focuses mostly on data exfiltration, without data encryption.
While it may seem like good news for the IT public that Conti is no more, the scattering into smaller groups may prove to be even more dreadful in the future. However, it does pose a big challenge for Conti’s leadership to keep the ties between the cells together. Some members might lose interest and motivation when working with new people who do not necessarily share the same vision and goals as they do. Only time will tell, and we will be on the lookout for new intelligence about it.