Trickbot, Conti Ransomware Operator Unmasked Amid Huge Ops Leak
An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware.
Discover the latest updates and insights on the ContiGang cybercrime syndicate, your go-to source for information security news and trends.
Search across headline titles and summaries.
Background for this topic.
ContiGang is a ransomware-focused cybercrime group linked to a series of high-impact intrusions targeting organizations across various sectors. The group typically gains initial access through compromised credentials or exploited vulnerabilities, then deploys ransomware to encrypt data and demands payment for decryption keys. Their operations often include double extortion tactics, threatening to leak stolen data if ransoms are not paid.
For security teams, ContiGang’s activity highlights the need for rigorous vulnerability management, especially patching known exploits that facilitate initial access. Monitoring for unusual credential use and lateral movement can help detect early-stage intrusion. Incident response plans should account for data exfiltration risks alongside encryption, emphasizing secure backups and network segmentation to limit ransomware impact and data exposure.
Weekly headline count for the current query.
An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware.
New analysis says law enforcement efforts against Russian-language ransomware-as-a-service (RaaS) infrastructure helped consolidate influence behind BlackBasta, but some experts aren't so sure the brand means that much.
Accused cybercriminal has special skills that helped Conti and LockBit ransomware evade detection, according to law enforcement.
US Treasury officials said the sanctions move is part of its effort to combat Russian state-sponsored cybercrime.
Members of the former ransomware group are using a FIN7 backdoor to deliver malware —including Cobalt Strike — to victim systems.
An emerging cybercriminal group linked with Conti has expanded its partial encryption strategy and demonstrates other evasive maneuvers, as it takes aim at healthcare and other sectors.
As ransomware's prevalence has grown over the past decade, leading ransomware groups such as Conti have added services and features as part of a growing trend toward professionalization.
A new group, Monti, appears to have used leaked Conti code, TTPs, and infrastructure approaches to launch its own ransomware campaign.
The initial access broker (IAB) for ransomware gangs known as UAC-0098 has targeted Ukrainian organizations in five separate phishing campaigns spanning April to August.
A relative newcomer to the ransomware scene, the BlackCat group quickly gained notoriety and may be associated with other APT groups like Conti and DarkSide.
The gang's members have moved into different criminal activities, and could regroup once law-enforcement attention has simmered down a bit, researchers say.
Telecom and business services see the highest level of attacks, but the two most common ransomware families, which continue to be LockBit and Conti, are seen less often.
Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).
Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.
Conti threat actors are betting chipset firmware is updated less frequently than other software — and winning big, analysts say.
Conti's ransomware attack cripples Costa Rica's Treasury, sparking the US to offer a $15M bounty on the group.
Knowing the inner workings of Conti will not only help ransomware negotiators but also help organizations to better handle a ransomware attack when it happens.
Continuing CSC research indicates over 70% of brand-specific domains are fake.
As the invasion of Ukraine continues, Russian citizens have turned to virtual private networks — boosting demand for the software by 27x — to circumvent the government's blocks on social media and news sites critical of the war.
We need to focus on the bad guys and their methods instead of playing whack-a-mole with indicators of compromise.