Researchers from Secureworks state that the Conti ransomware gang, tracked as a Russia-based threat actor Gold Ulrick, continues to operate despite the recent data leak on its internal activities.
The group’s activity returned to the levels that represented a peak in 2021, the gang rapidly reacted to the public disclosure of its communications, source code, and operational details.
“The number of victims added to the Conti leak site increased in February 2022. On February 27, the @ContiLeaks Twitter persona began leaking GOLD ULRICK data and communications. Despite these public disclosures, the number of Conti victims posted in March surged to the second-highest monthly total since January 2021.” reads the post published by Secureworks Conter Threat Unit (CTU).
One of the members of the GOLD ULRICK gang that goes online with the moniker ‘Jordan Conti’ said that the leak had a minimal impact on its operation.
According to a post published by ‘Jordan Conti’ on the RAMP underground forum the Conti darweb leak site only lists victims that refused to pay the ransom and that the gang has compromised twice that number.
This means that the Conti gang has a 50% payment success rate with an average payout of ‘700k’.
The Conti ransomware operators added 11 new victims to the list on their leak site in the first four days of April, its success is due to the evolution of its tactics, techniques and procedures.
“‘Jordan Conti’ indicates that GOLD ULRICK continues to evolve its ransomware, intrusion methods, and approaches to working with data. The Conti leak site added 11 victims in the first four days of April. If GOLD ULRICK operations continue at that pace, the group will continue to pose one of the most significant cybercrime threats to organizations globally.” concludes the analysis.
Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Conti ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]