The Conti ransomware operation has undergone some significant organizational structure changes in the past months after the brand became toxic due to its affiliation with the Russian government. The Conti operation has been highly successful, helping cybercriminals make billions of dollars after breaching the systems of hundreds of major organizations. While it appeared to be very active, threat intelligence company AdvIntel says the group has been in the process of shutting down the Conti brand and switching to a different organizational structure that involves multiple subgroups. The Conti brand’s downfall appears to have started in late February, after Russia launched an invasion of Ukraine. Shortly after the war began, Conti pledged its support for the Russian government and threatened to attack the critical infrastructure of its enemies. The initial statement from Conti was revised and toned down, but it was too late. Expressing support for the Russian government sparked internal debate and led to vast amounts of internal data, including chats and source code, getting leaked. According to AdvIntel, the factor that sealed the fate of the Conti brand was that pledging allegiance to Russia resulted in the group being associated with the Russian government.
Full story : Conti Ransomware Operation Shut Down After Brand Becomes Toxic.