
The US offers a 10 million dollar reward to find the “leader”

Conti, a leading ransomware organization with close ties to Russia that is likely responsible for the cyberattacks, has earned about $77 million over the past 21 months, a Nikkei analysis shows.

The team quickly moved funds through a complex network of hundreds of digital wallet accounts to avoid arrest. The organization even hires a team to handle public relations and HR matters, just like a large corporation.

This group is a major force in the underworld of cybercrime. According to Singapore-based analytics platform DarkTracer, of all the companies that have been publicly identified as victims of blackmail groups, around 20%, or 824 businesses, were hacked by Conti. The US government recently offered a bounty of up to $10 million to anyone with information on the identity and location of the leaders of the Conti group.

The Russia-based ransomware group behind the attacks made $77 million. Photo: @AFP.

When Conti released a statement in February supporting Russia’s attack on Ukraine, pro-Kyiv government members retaliated by leaking the group’s internal chat logs. The leaked data, which spans the period from June 2020 to March this year, contains about 170,000 messages written entirely in Russian, totaling 1.18 million characters.

Nikkei reviewed chat logs with Takashi Yoshikawa, senior malware analyst at Mitsui Bussan Secure Directions, a Tokyo-based cybersecurity company. The content provided a behind-the-scenes look at Conti’s criminal activities.

“The chats appear to be authentic,” Yoshikawa said, noting that the chat logs reveal behind-the-scenes exchanges about specific attacks, and that the source code of the virus the group used for its cyberattacks was also leaked at the same time.

In more detail, Conti has 645 digital wallet accounts containing a total of 2,321 bitcoins, worth more than $90 million at the time of the leaked chat logs. When accounting for overlap and other factors, preliminary results show that Conti held at least 1,953 bitcoins, or more than $77 million, in the form of ransom payments or transfers from victims and external parties.

The digital wallet with the most deposits received approximately $23 million between September and November 2020 in multiple transfers, each moving close to $8 million. Those funds were then disbursed to various other digital wallets.

“The funds were transferred over a short period of time to prevent investigators from tracing the ransom payments, with the aim of converting assets to cash at exchanges or on the dark web,” said Yoshikawa.

The chats included about 350 participants. Among them, 35 key members of the group posted more than 1,000 individual messages. At the same time, 30% of participants posted 100 messages or less.

The Conti team has rotated recruiting through hundreds of active members proficient in programming and other skills. In some cases, forum members appear to be unaware that they are engaging in cybercrime activities. Conti has also set up an underground business that provides training tips to help the team carry out cyber attacks.

Some chat messages suggest links to the Russian Federal Security Service. Many fear that Conti will increase its activities if Russia encounters more economic difficulties under the sanctions of Western nations.

This group is a major force in the underworld of cybercrime. Photo: @AFP.

Conti’s actions since 2020 are just the tip of the iceberg when it comes to the virtually infinite scale of cybercrime. Ransomware attacks alone doubled last year to about 623 million cases globally, according to US cybersecurity firm SonicWall. In recent months, Toyota Motor has suffered an attack that briefly halted its supply chain.

According to an estimate by Check Point Software Technologies, an Israeli-American cybersecurity company, the financial loss associated with system downtime caused by ransomware, incurred along with attorneys’ fees and other expenses. In this environment, investigators can’t keep up with cybercriminals, potentially enabling large organizations like Conti to thrive.

Recently, on May 12, the Conti ransomware threat group has been causing a national crisis in Costa Rica, where government agencies are being hit by relentless cyber attacks. These attacks, which have been ongoing since April, have severely affected the Ministry of Finance, the Costa Rican Social Security Fund, the Ministry of Science, Innovation, Technology and Telecommunications, and other government organizations. The Treasury of Costa Rica reported that its digital services were down, disrupting a variety of work related to electronic signatures, and some government procedures. The Treasury Department, which was particularly affected by the threat group, is still determining the extent of damage caused by their cyberattacks.

Conti’s threat actors demanded a $10 million ransom from the Treasury Department, but the agency refused to pay. The group threatened to quickly retaliate by publishing hundreds of gigabytes of stolen government data on their leak website. The group then promised to launch attacks of “a more severe form.” The situation became so severe that the President of Costa Rica, Rodrigo Chaves, declared a state of emergency across the country to respond to the attacks.

Looking at the bigger picture, attacks against Costa Rica fit a larger trend that suggests that Conti threat group activity is on the rise. The team’s website shows that they are hitting more targets each month on average than they did the year before.

Source: danviet.vn (via Blogtuan.info)