According to a study by Crystal Blockchain, the largest single ransom received by the Conti criminals was 725 BTC.
What happened? The analytics company Crystal Blockchain conducted a detailed study of the internal correspondence of the Russia-based Conti hacker group that leaked in February 2022. It found that Conti used over-the-counter brokers to cash out the stolen cryptocurrency. These funds were spent on payments to members of the group and on renting servers. According to the investigation, some Conti employees did not know what the group was actually engaged in.
Crystal Blockchain Research
What is known about Conti? The hacker group has carried out numerous attacks on government agencies and private companies around the world. The group is responsible for creating well-known ransomware such as Ryuk and Trickbot.
Based on the analysis of the correspondence, Conti largely operates like a regular company – it has hiring, performance reviews and an "employee of the month" selection. To some applicants, Conti presented itself as an advertising agency. It also has management, finance and personnel departments.
In 2020, at the start of the coronavirus pandemic, Conti attacked Ridgeview Medical Center in Minnesota. According to the analysis of correspondence and transactions, the institution sent 301 BTC (worth more than $4 million at the time) to the hackers as a ransom.
The largest ransom payment was a transaction dated October 10, 2020 for 725 BTC (about $8 million) from an unidentified company. The likely victim is the printer manufacturer Xerox, which was attacked in the same year, 2020.
Conti's correspondence mentions 89 institutions that were planned as targets, most of them based in the United States, with the rest in Canada, Australia and Europe. The exact number of successful attacks that resulted in ransom payments is unknown.
What happened before? In April, the US Treasury imposed sanctions on the crypto exchange Garantex and the darknet marketplace Hydra. The agency found that about $8 million linked to proceeds from the Ryuk and Sodinokibi ransomware programs passed through Hydra's accounts. An analysis of Garantex's known transactions revealed that transactions worth more than $100 million are linked to illegal activity. Almost $6 million of that came from the Russian hacker group Conti.
In April 2022, US authorities warned of the threat of attacks on crypto companies. They said that the threat comes from hackers sponsored by the DPRK, whose main goal is cryptocurrency. The hackers' techniques include social engineering and tricking victims into downloading malware and applications.
Also, cryptocurrency services Etherscan, CoinGecko, DeFi Pulse and others reported cases of a malicious pop-up window inviting users to connect their MetaMask crypto wallets. According to a preliminary analysis, the main cause of the attack was malicious code in advertising that was published on the affected sites.