[TheRecord] Conti gang has made at least $25.5 million since July 2021

The operators of the Conti ransomware have earned at least $25.5 million from attacks and subsequent ransoms carried out since July 2021, Swiss security firm Prodaft said in a report today.

The company said it worked with blockchain analysis firm Elliptic to track more than 500 bitcoin the Conti gang had collected over the past five months in 113 cryptocurrency addresses.

Image: Prodaft

Prodaft and Elliptic said they identified several transactions that split $6.2 million of the Conti profits and sent them to what they called a “consolidation wallet.”

“In August 2021, 0.07 bitcoin was sent from this cluster to a prominent exchange known to be used by ransomware groups. Aside from this, Conti have not attempted to cash out or exchange any of the bitcoin they have received into this cluster. Blockchain activity indicates that the remaining 123.06 bitcoin is currently held in an unhosted wallet.”

In addition, researchers said they also tracked ransom payments as the Conti gang distributed the profits to its partners. Known as “affiliates,” these are criminal groups who perform intrusions into companies, install the Conti ransomware, and then get a cut from the ransom payment at the end.

“One cluster was identified which has received payments from both Conti and DarkSide, which may indicate that an individual has worked as an affiliate for both of these groups,” the researchers said, confirming earlier reports that some affiliates move from one ransomware program to another when lured by larger cuts or better encryption tools.

Image: Prodaft

The discovery of the consolidation wallet is good news, as this could be targeted in a future law enforcement action and have authorities seize a large chunk of a gang’s profits, as the DOJ has done this month with one of REvil’s affiliates.

However, Prodaft points out that while the Conti gang itself runs a consolidation wallet, its affiliates do not appear to do so, and they usually launder their profits through shady exchanges, coin swaps, privacy-enhancing wallets like Wasabi, and via Russian-language darknet market Hydra.

First-ever Conti estimates

The $25.5 million figure is only an estimate, and the Conti gang is believed to have earned considerably more, both over this five-month period and over its full history, which dates back to August 2020.

It is, however, the first and only public estimate of Conti’s profits to date.

Similar research tracking ransom payments and threat actors’ wallets has been done before for other gangs, and it has often helped authorities identify the most dangerous groups, in several cases leading to law enforcement crackdowns.

Past research and profit estimations for other ransomware gangs include:

Darkside – $90 million between October 2020 and May 2021
Maze/Egregor – $75 million
Ryuk – $150 million (Conti is considered a rebrand/continuation of the Ryuk operation)
REvil – $123 million in 2020
Netwalker – $25 million between March and July 2020

After the shutdowns of ransomware operations like Avaddon, REvil, Darkside, and BlackMatter, the Conti gang, along with the LockBit group, has become one of the most active ransomware-as-a-service (RaaS) platforms today, which explains the attention the group is now getting from both security firms and US cybersecurity agencies, with CISA issuing a security alert about the group’s heightened activity in September.

Tweet by Dmitry Smilyanets (@ddd1ms), October 29, 2021: “#LockBit and #Conti dominate another month in the #ransomware victimology chart” (chart image: pic.twitter.com/dCGC8egeaM)

The post Conti gang has made at least $25.5 million since July 2021 appeared first on The Record by Recorded Future.
