It finally appears that the Conti ransomware operation has reached its epilogue: the group seems to have shut down its last public infrastructure, two Tor servers used to leak stolen data and to negotiate with victims. According to analyst Ido Cohen, the servers went offline last Wednesday, a report also confirmed by BleepingComputer, which stated that it still sees them offline today. But let's look at what has actually happened in recent months.
Conti ransomware: the criminal group's last servers shut down
Last May BleepingComputer reported for the first time that Conti had begun to wind down its operations, dismantling its internal infrastructure, including its communication and storage servers. Yet by launching attacks on Costa Rica, Conti tried to keep up the facade of an ongoing operation, while its members quietly moved to other ransomware gangs. "The only goal that Conti had wanted to achieve with this final attack was to use the platform as an advertising tool, carrying out its own death and subsequent rebirth in the most plausible way possible," explains a report by Advanced Intel.
In reality, Conti never called off its attacks; on the contrary, it did everything it could to confuse researchers and law enforcement. Either way, its members appear to have split into smaller cells that infiltrated other ransomware operations. Spreading members across several groups means the whole operation is not disrupted if a single cell is arrested or one ransomware gang is taken down by law enforcement; members simply move from one operation to another as needed. Beyond that, what matters is that the Conti ransomware has written its final chapter, and that is a relief for everyone.
Chiara Crescenzi