Conti gang is still in business, despite its own massive data leak
According to security researchers, the Conti ransomware gang is still actively conducting hacking campaigns against victims across the globe despite a major data leak that revealed much of the inner workings of the group. Conti was one of the most prolific ransomware groups of 2021, attacking hospitals, businesses, government agencies, and other entities and often requesting a significant ransom payment in exchange for decryption keys. It is believed that Conti operates out of Russia, and several members of the gang came out in support of Russia’s invasion of Ukraine in February.
The Conti leaks emerged shortly after its members’ show of support, with outsiders and insiders identifying individuals involved in the ransomware gang’s operations. Daily chat logs, hiring practices, and other inner workings of the group were exposed. However, the exposure doesn’t appear to have deterred the group, as cyberattacks have continued since the leaks. According to cybersecurity researchers at NCC Group, the attackers use phishing emails containing trojan malware to gain initial access to networks. In addition, the group is known to exploit vulnerable Microsoft Exchange servers.