The notorious Conti ransomware gang has shut down its infrastructure, including two Tor servers it was using to leak data and negotiate with victims. According to the report published by Advanced Intel, the admin panel of the Conti ransomware gang’s official website, Conti News, was shut down on May 19. Advanced Intel also stated that this shutdown highlights a simple truth that has been evident to the Conti leadership: the group can no longer sufficiently support and obtain extortion.
Creating subdivisions
The Conti group had also been creating subdivisions over the last two months, which had already begun their operations before the shutdown. These groups either use Conti alter egos and locker malware or took the opportunity to create new ones. Conti already had a couple of subsidiaries operational: KaraKurt, BlackByte, and BlackBasta.
Experts claim that the reasons behind Conti’s shutdown are its support for the Russian government and the leaked Conti chat logs. Engaging in political discourse and supporting Russia’s decision to invade Ukraine brought shame on the Conti name. Internal communication of the Conti leadership suggesting that the Russian FSB is pressuring the group also made it a target for Russian authorities despite its loyalty. Although the group made anti-war statements, it couldn’t change its reputation. Sanctions also made it more difficult for the group to collect the ransoms it demanded. Advanced Intel said,
« Within the short but tumultuous timeline of ransomware’s history, May 19, 2022, the day that Conti died, will leave a mark that severs the threat landscape from its past and casts a shadow on its future. However, in the grand scheme of the group’s existence, this day is not something new.
Looking back, a trail of similar marks leads from the group’s days as the organization Ryuk to their first rebranding from the collective’s Overdose division. Each mark represents a shift in the threat landscape, a series of tics that, only when viewed from a great distance, show the dramatic impact the group has made on ransomware’s very existence. However, the actors that formed and worked under the Conti name have not, and will not, cease to move forward with the threat landscape; their impact will simply leave a different shape. »