The infamous ransomware gang known as Conti has effectively taken its infrastructure offline and ended its operation, informing its team leaders that the brand no longer exists.
What happened?
This information comes from Yelisey Boguslavskiy of Advanced Intel, who tweeted this afternoon that the gang's internal infrastructure had been shut down.
[FLASH] #Conti officially closed
Today the official website of Conti #Ransomware was closed, marking the end of this notorious crime group; this is truly a historic day for the #Intelligence community!
Looking forward to today's AdvIntel enhanced analysis! @VK_Intel pic.twitter.com/gMSXhlHVSb
– Yelisey Boguslavskiy (@y_advintel) May 19, 2022
According to BleepingComputer, the Tor admin panel that members used to discuss and post "news" on their data leak sites is now closed. This is despite the fact that the public-facing "Conti News" data leak site and the ransom discussion website are still accessible.
It is possible that Conti created the front of a live operation while its members gradually moved on to other, smaller ransomware operations.
According to AdvIntel, Conti only wanted to use the platform as a publicity tool, staging their own death and subsequent rebirth in the most believable way possible.
Conti leadership internally announced the agenda to conduct the attack on Costa Rica for the purpose of publicity rather than ransom. Internal communication between members of the group suggested that the requested ransom payment was much less than $1 million USD (despite the unsubstantiated claim that the ransom was $10 million USD, followed by Conti's own claim that it amounted to $20 million USD).
Despite the abandonment of the Conti ransomware brand, the cybercrime syndicate will continue to play a significant role in the ransomware sector for some time to come.
The Conti leadership has worked with other, smaller ransomware gangs to carry out attacks instead of rebranding as another massive ransomware operation.
Smaller ransomware gangs benefit from this relationship by absorbing an influx of skilled Conti pentesters, negotiators and operators. By subdividing into smaller "cells" overseen by the central leadership, the Conti cybercrime syndicate is able to increase its mobility and evade law enforcement more effectively.
According to research published by Advanced Intel, Conti has collaborated with a variety of well-known ransomware operations, including HelloKitty, AvosLocker, Hive, BlackCat, and BlackByte.
Conti's current members, including negotiators, intelligence analysts, pentesters and coders, have been involved in various ransomware operations. Although these individuals will now use the encryptors and discussion sites of those other ransomware operations, they are still part of the larger Conti syndicate.
This splitting into smaller units, fully or partially autonomous, is illustrated in the image provided by Advanced Intel, which can be found below.
According to Advanced Intel, new independent groups of Conti members have recently been formed, and the primary purpose of these groups is data exfiltration rather than data encryption. Karakurt, BlackByte, and the Bazarcall collective are just a few examples of such groupings.
As a result of this move, the cybercrime syndicate is able to continue its activities; however, it will no longer operate under the Conti brand.