Conti ransomware got its own website for stolen data

Bleeping Computer journalists noticed that another ransomware group has launched its own website for stolen data from hacked companies that refuse to pay the ransom. The Conti ransomware, which many information security specialists consider the “successor” of the well-known ransomware Ryuk, has acquired its own website for leaked data.

Conti is a relatively new private Ransomware-as-a-Service (RaaS) that has recruited experienced hackers to distribute the ransomware in exchange for a large share of the ransom pay.

Submissions to ransomware identification site ID Ransomware also show the increased activity of Conti ransomware since June 15th.

“Since July 2020, Ryuk is no longer being deployed, and in its place, the TrickBot-linked operators, are now deploying the Conti ransomware”, — argues Vitali Kremez from Advanced Intel.

Nowadays, many ransomware operators often practice the so-called “double extortion”. For example, attackers demand a ransom from companies directly for decrypting the affected data, but before starting encryption, they also steal confidential information, and then threaten to publish it to the public if the victim does not pay a second ransom.

A notable example of such a double ransom attack is the recent incident at the University of Utah.The educational institution practically was not affected by the ransomware attack itself, but it was still forced to pay the criminals $457,000, as they threatened to disclose the personal data of the students that was stolen during the attack.

This tactic has been used by ransomware since 2019, and the operators of the ransomware Maze were the first to launch the site for leaked data. Other factions soon followed suit, including Ako, Avaddon, CLOP, Darkside, DoppelPaymer, Mespinoza (Pysa), Nefilim, NetWalker, RagnarLocker, REvil (Sodinokibi), and Sekhmet.

Now this list has been joined by the Conti ransomware, which appeared relatively recently. The group’s website has already listed 26 victim companies, many of which are very large and well-known.

Conti ransomware got a website
Stolen data on the Conti website

For each victim, hackers create a separate page containing samples of stolen data.

Previously, the operators of this ransomware included only a message stating that the victim’s data was encrypted and provided two email addresses to contact them.

User Review
5 (1 vote)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button