Conti ransomware ends its chapter in the cybercriminal scene

June 30, 2022

As previously reported, it was already known within the cybercriminal landscape that the Conti ransomware operation had been gradually shutting down. Recently, the notorious ransomware gang dismantled the last two Tor infrastructures it used to leak its victims’ data.

Only last month, Conti made noise among security researchers, not over any cyberattack it had carried out but because it had begun shutting down its cybercriminal operations. The gang announced that it was decommissioning its servers and internal infrastructure, leaving a few members to finish a final campaign against Costa Rica.

Researchers explained that, in its last attack campaign, Conti only had to publicly declare that its team would be dismantled, as the rest of its members might transfer to other groups to stage a rebirth. During these final attacks, Conti continued to leak victims’ data on its site, although that data came from its previous attacks and not recent ones.

Replacing Ryuk, the Conti ransomware first emerged in 2020 and has carried out grave cyberattack campaigns worldwide since then.

Numerous high-profile attacks have been attributed to Conti since its launch, making it one of the most notorious ransomware groups in the cybercriminal landscape. Its victims span various sectors, including educational institutions, tech, banking firms, and healthcare companies.

The group eventually grew capable of developing powerful malware strains like TrickBot and BazarBackdoor, both of which were widely used in several cyberattack campaigns against organisations worldwide.

Last February, as war broke out between Ukraine and Russia, the ransomware gang's decision to side with the latter country pushed a security researcher to leak its internal chat conversations and the source code for its ransomware encryptor to the public, crippling the infamous group. Experts believe that this event sparked the eventual downfall of Conti.

Despite the gang’s termination, many of its members are transferring to other threat groups, which means Conti’s sophisticated attack techniques will spread among those groups, giving them more advanced ways to strike organisations in the future.

Hence, companies are advised to be prepared against ransomware gangs that could now be better equipped with powerful tools to carry out their malicious activities.
