Costa Rica Says It's At War With Conti Ransomware

Notorious ransomware gang Conti has apparently taken its infrastructure offline and shut down its operations. Members of the gang, which is currently engaged in a high-profile ransomware campaign against Costa Rica, are thought to be forming alliances with other, smaller groups as a way of rebranding. Increased attention from US law enforcement agencies, which has led to a $15m bounty being posted for any information about the criminals running Conti, is thought to be one of the primary drivers behind the move.

Conti has been at war with Costa Rica for four weeks. But now the gang appears to be shutting down. (Photograph by Arnoldo Robert/Getty Images)

Conti's departure marks a "truly historic day in the [cybersecurity] community," according to Yelisey Boguslavskiy, a researcher at security company AdvIntel. The gang has been active since 2020, and has been a thorn in the side of public sector organisations around the world, most notably hitting the Irish healthcare system in 2021, before beginning its sustained barrage of attacks against Costa Rica last month.

Boguslavskiy noted that some of the online infrastructure has remained, such as the older version of its victim blog, but that "the internal panels and hosts are down".

Why has Conti shut down?

The increased recklessness of Conti's behaviour tipped off cybersecurity researchers that it could be planning big changes, so today's news is not a big surprise. Its actions in the Costa Rica attack reflect this, with the gang having upped its ransom demand and threatened to topple the government if it is not appeased.

"Conti is likely to have multiple other 'side hustles' in the cybercrime scene, including the Karakurt data extortion group and the new BlackBasta gang," Louise Ferrett of Searchlight Security told Tech Monitor earlier this month. "The group may be less concerned about 'burning' the Conti identity if they already have these alternative revenue streams lined up."


Last month Conti appeared to pledge its support for Russia's invasion of Ukraine, before quickly backtracking in the face of criticism from other hackers. But its actions came too late to stop pro-Ukraine hacktivists leaking information about the group online.


Today's news is "an interesting development that was foreshadowed with regards to Conti's behaviour becoming increasingly reckless – even by ransomware gang standards," Ferrett says.

She adds: "I'd say the key reasons they would 'disband' – though it's more like a rebrand in actual fact – are an increase in law enforcement attention from the US ($15m reward), as well as the continued PR scandals and OPSEC fails they've experienced in the last year or so, including the leaking of their internal training handbook and tools last year, plus the more recent extensive leaks of their internal chats, damaging their reputation in the cybercrime world."

What next for Conti hackers after the group's shutdown?

AdvIntel has suggested that the operation in Costa Rica was conducted to cloak its transition to multiple, smaller gangs. "The only goal Conti had wanted to see with this final attack was to use the platform as a tool of publicity, performing their own death and subsequent rebirth in the most plausible way it could have been conceived," the company says. Whether today's news will affect negotiations with the Costa Rican government, which has so far refused to pay the ransom demanded, remains to be seen.


Both Karakurt and BlackBasta have been highlighted as possible new Conti affiliate gangs, as well as other active groups such as Hive, HelloKitty, BlackCat, AvosLocker, BlackByte and the BazarCall Collective.

Evidence that Conti has been operating through other, smaller gangs first came to light in February, when the San Francisco 49ers American football team was hit with a ransomware attack during Super Bowl weekend, thought to have been carried out by the hacking gang BlackByte. However, evidence appears to suggest that BlackByte isn't a real gang, but "was created for the sole purpose of maximising Conti's monetary data extortion," AdvIntel researchers say.

Ferrett says it's not yet clear which of these groups are true Conti spin-offs. "Most are pretty confident that the Karakurt group is a data-theft subgroup of Conti," she says. "There was speculation around BlackBasta being the successor to Conti, with good reason, but that's been disputed by Conti themselves who disparaged BlackBasta as 'kids'."

She also believes the gang may reform despite today's development. "I think it's possible Conti could create a whole new identity rather than trying to grow any of its suspected subgroups."
