One of the most active ransomware groups, Conti, is shutting down its operations. According to Yelisey Boguslavskiy from AdvIntel, the team’s internal infrastructure is now turned off. The Tor admin panel that had been used for negotiations and for publishing data leaks is currently unavailable. Other internet services, such as chat servers, have gone offline as well. However, the leak and negotiation sites themselves are still online.
No rebranding
The team behind the Conti attacks has individually partnered with other smaller ransomware groups. That means there will be no rebranding for Conti; the ransomware gang that emerged in the summer of 2020 is now gone. However, the leaders’ partnership with smaller groups might also end up granting them even greater mobility and evasion. The groups that some of the gang’s leadership have partnered with are HelloKitty, AvosLocker, Hive, BlackCat, Karakurt, and BlackByte.
The Conti ransomware gang has been involved in many activities since it was founded and took the place of the Ryuk ransomware. Furthermore, the gang declared its full support for the Russian government when the war between Russia and Ukraine began. Then, a Ukrainian security researcher began leaking Conti's internal chat conversations, in addition to the source code of their encryptor.