News

Conti ransomware got its own website for stolen data

Bleeping Computer journalists noticed that another ransomware group has launched its own website for stolen data from hacked companies that refuse to pay the ransom. The Conti ransomware, which many information security specialists consider the “successor” of the well-known ransomware Ryuk, has acquired its own website for leaked data.

Conti is a relatively new private Ransomware-as-a-Service (RaaS) that has recruited experienced hackers to distribute the ransomware in exchange for a large share of the ransom pay.

Submissions to ransomware identification site ID Ransomware also show the increased activity of Conti ransomware since June 15th.

“Since July 2020, Ryuk is no longer being deployed, and in its place, the TrickBot-linked operators, are now deploying the Conti ransomware”, — argues Vitali Kremez from Advanced Intel.

Nowadays, many ransomware operators often practice the so-called “double extortion”. For example, attackers demand a ransom from companies directly for decrypting the affected data, but before starting encryption, they also steal confidential information, and then threaten to publish it to the public if the victim does not pay a second ransom.

A notable example of such a double ransom attack is the recent incident at the University of Utah.The educational institution practically was not affected by the ransomware attack itself, but it was still forced to pay the criminals $457,000, as they threatened to disclose the personal data of the students that was stolen during the attack.

This tactic has been used by ransomware since 2019, and the operators of the ransomware Maze were the first to launch the site for leaked data. Other factions soon followed suit, including Ako, Avaddon, CLOP, Darkside, DoppelPaymer, Mespinoza (Pysa), Nefilim, NetWalker, RagnarLocker, REvil (Sodinokibi), and Sekhmet.

Now this list has been joined by the Conti ransomware, which appeared relatively recently. The group’s website has already listed 26 victim companies, many of which are very large and well-known.

Stolen data on the Conti website

For each victim, hackers create a separate page containing samples of stolen data.

Previously, the operators of this ransomware included only a message stating that the victim’s data was encrypted and provided two email addresses to contact them.

User Review
5 (1 vote)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

1 day ago