By navigating our site, you agree to allow us to use cookies, in accordance with our Privacy Policy.

CPR Unveils Leaks of Conti Ransomware Group

Industry experts have said Conti is based in Russia and may have ties to Russian intelligence.

Check Point Research (CPR) has revealed new details into the inside operations of Conti ransomware group.

CPR Leaks Conti RansomwareConti is a ransomware-as-a-service (RaaS) group, which allows affiliates to rent access to its infrastructure to launch attacks.

Lotem Finkelsteen, Head of Threat Intelligence and Research, at Check Point Research said, “For the first time, we have a glass door to a group that has been known to be the face of ransomware. Conti acts like a high-tech company. We see hundreds of employees in a hierarchy of managers. We see an HR function, with people responsible for different departments. Alarmingly, we have evidence that not all the employees are fully aware that they are part of a cybercrime group. In other words, Conti has been able to recruit professionals from legitimate sources. These employees think they are working for an ad company, when in fact they are working for a notorious ransomware group. Some of these employees find out the truth and they decide to stay, revealing that the Conti management team has developed a process for retaining employees. It’s clear to us that Conti has developed an internal culture to develop profits, as well as fining employees for undesirable behavior. We also see that Conti has offices in Russia. Our publication presents findings of the inner-working and culture of Conti.”

Industry experts have said Conti is based in Russia and may have ties to Russian intelligence. Conti has been blamed for ransomware attacks targeting dozens of businesses, including clothing giant Fat Face and Shutterfly, as well as critical infrastructures, like the Irish healthcare service and other first-responder’s networks.

On February 27 of this year, a cache of chat logs belonging to the Conti was leaked online at the hands of an alleged insider, who claimed to have objected to the group’s support for the Russian invasion of Ukraine.

CPR analyzed the leaked files, learning that the ransomware groups operate as a large technology company. Conti has an HR department, a hiring process, offline office premises, salaries and bonus payments.


Aishwarya Saxena

A book geek, with creative mind, an electronics degree, and zealous for writing.Creativity is the one thing in her opinion which drove her to enter into editing field. Allured towards south Indian cuisine and culture, love to discover new cultures and their customs. Relishes in discovering new music genres.

Related Articles

Upcoming Events