- A security researcher saw a prolific Russian ransomware group Conti born in 2020, amass 350 members who collectively made $2.7 billion in cryptocurrency in only two years, CNBC reports.
- The group's post expressing their siding with Russia led to a leak of details about the size, leadership, business operations, and ransomware source code on February 28, four days after Russia's Ukraine invasion.
- Soon after the post, someone opened a Twitter Inc (NYSE:TWTR) account named "ContiLeaks" and started leaking thousands of the group's internal messages alongside pro-Ukrainian statements, CNBC notes.
- Their leak appeared to be an act of revenge prompted by a post by Conti published in the wake of Russia's invasion.
- The leak helped cyber specialists realize that Conti operated like a regular tech company.
- Conti had precise management, finance, and human resource functions, along with a classic organizational hierarchy with team leaders that report to upper management.
- The messages exhibited that Conti had physical offices in Russia and probably its ties to the Russian government.
- The specialists said it would have been impossible to sustain the infrastructure without government support.
- The FBI warned that Conti's ransomware was among "the three top variants" that targeted critical infrastructure in the U.S. in 2021.
- Conti most frequently targeted the Critical Manufacturing, Commercial Facilities, and Food and Agriculture sectors.
- Image by S. Hermann & F. Richter from Pixabay
