The Week in Ransomware - June 24th 2022 - Splinter Cells
The Conti ransomware gang has finally ended their charade and turned off their Tor data leak and negotiation sites, effectively shutting down the operation. [...]
Tor is an anonymity network that routes traffic through relays, supporting privacy while also complicating the investigation of online abuse.
Search across headline titles and summaries.
Background for this topic.
Tor is an open-source privacy network that routes Internet traffic through a sequence of volunteer-operated relays. Layered encryption limits what each relay can learn about the connection, helping users resist traffic monitoring, censorship, and location tracking. Tor also supports onion services, which are reachable within Tor without exposing a conventional server address. It provides anonymity protections, not a guarantee of anonymity or confidentiality.
Security practitioners should remember that Tor does not encrypt traffic beyond the network: an exit relay can observe unencrypted application data, so HTTPS and secure application design remain necessary. Endpoint compromise, unsafe browser configuration, fingerprinting, or opening downloaded content can also identify or harm a user. A powerful observer may correlate traffic entering and leaving the network. In enterprise investigations, Tor connections are useful leads but weak attribution evidence because many unrelated users share relay addresses; correlate them with authentication, endpoint, and application telemetry rather than treating a Tor IP as proof of malicious activity.
The Conti ransomware gang has finally ended their charade and turned off their Tor data leak and negotiation sites, effectively shutting down the operation. [...]
The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand. [...]