
Conti Ransomware Gang Finally Shuts Down Operations on Costa Rica and Rebrands Into Smaller Groups

The notorious cybercrime group Conti has completely shut down its operations. Conti ransomware team leaders said that the group has officially shut down all its operations, and its infrastructure has already been taken offline.

According to Yelisey Boguslavskiy from Advanced Intel, the group's internal infrastructure was turned off. Boguslavskiy posted a tweet on Thursday saying, “Today the official website of Conti Ransomware was shut down, marking the end of this cybercrime group. It is a truly historic day in the Intelligence Community.”

Why Did Conti Shut Down?

The reason behind Conti’s shutdown in the middle of a ransomware operation against Costa Rica has still not been revealed. However, Boguslavskiy stated that Conti’s members are now joining other smaller ransomware groups.

Through this cooperation, small ransomware gangs have gained an inflow of well-equipped hackers, pen testers, negotiators, intel analysts and developers. Instead of rebranding as another large ransomware operation, Conti’s leadership has partnered with other smaller ransomware gangs to continue launching cyberattacks.

By splitting into smaller groups that are still managed by the central leadership, the Conti cybercrime syndicate gains mobility and greater evasion of law enforcement.

According to a report from Advanced Intel, the threat actors have partnered with numerous popular ransomware gangs such as HelloKitty, AvosLocker, Hive, BlackCat, BlackByte and Karakurt.

These groups allow the existing cybercrime syndicate to continue, but no longer under the Conti name. Advanced Intel reported that the newly formed groups containing Conti members now have new duties, which focus on data exfiltration rather than data encryption.

According to Advanced Intel’s unique visibility and intelligence findings, the group's goal was to use the final attack as a means of publicity, performing their own death and rebirth in the most plausible way it could have been conceived.

The agenda of conducting the attack on Costa Rica for publicity, rather than as one of their normal ransom operations, was declared internally by the Conti leadership.

More on the Ransomware Group

Conti ransomware operations started in 2020 and have remained active in cyberspace since. The Russian-based threat actors have been relentlessly launching attacks on U.S. infrastructure and many other international organizations.

Shortly before the shutdown, Conti ransomware launched an attack on Costa Rica's financial systems, which led to the declaration of a state of emergency in Costa Rica. Their notable attacks have involved TrickBot malware, Cobalt Strike and BazarLoader Trojans.

Conti Ransomware has grown to be the most notorious ransomware gang and has gained much publicity in the media. Their activities led the U.S. government to offer up to $15,000,000 for identification and information on the Conti ransomware group.

Despite the shutdown, their operations continue to play a relevant role in the ransomware industry and some organizations are still recovering from their attacks.
