Group-IB, a cyber security firm headquartered in Singapore, has presented its findings on Conti, a ransomware gang. The gang managed to compromise more than 40 organizations from all around the world. The report says that the fastest attack took only three days. The report also showed that, in two years, the ransomware operators attacked more than 850 victims, including corporations, government agencies, and even a whole country.
850 victims in two years
According to the report, Conti has been dominating the ransomware scene along with Maze and Egregor since 2020. In 2020 alone, Conti published data from 173 victims. At the end of 2021, Conti became one of the largest and most aggressive groups. The company published data from 859 victims, but the actual number of victims is expected to be much higher.
The top 5 industries targeted by the Conti gang are manufacturing (14%), real estate (11.1%), logistics (8.2%), professional services (7.1%), and trade (5.5%). The gang avoids attacking Russian companies. The geography of the attacks is vast; most of them occur in the United States (58.4%), followed by Canada (7%), the United Kingdom (6.6%), Germany (5.8%), France (3.9%), and Italy (3.1%).
Group-IB also stated that Conti is working closely with other notorious ransomware operators: Ryuk, Netwalker, LockBit, and Maze. Conti has even tested Maze’s ransomware, reverse-engineered it, and improved its own. The Conti gang also tends to create unique tools without reusing code snippets. Ivan Pisarev, Head of Dynamic Malware Analysis Team at Group-IB’s Threat Intelligence department, said:
« Conti’s increased activity and the data leak suggest that ransomware is no longer a game between average malware developers, but an illicit RaaS industry that gives jobs to hundreds of cybercriminals worldwide with various specializations. In this industry, Conti is a notorious player that has in fact created an “IT company” whose goal is to extort large sums. It is difficult to predict what will happen to Conti in the future: whether it will continue working after a large-scale rebranding or be divided into smaller sub-projects. It is clear, however, that the group will continue its operations, either on its own or with the help of its “subsidiary” projects. »