The notorious conti extortion software gang has officially shut down their operations, the infrastructure has been offline, and the team leader has been told that the brand no longer exists The news comes from yelisey boguslavskiy of advanced Intel. He said on twitter this afternoon that the internal infrastructure of the gang has been closed.
Although the conti news data leakage and ransom negotiation website for the public is still online, boguslavskiy told bleepingcomputer that the tor management panel used by members to carry out negotiations and publish "news" on their data leakage website has now been closed. In addition, bleepingcomputer was informed that other internal services, such as their rocket chat server, were being retired.
Although conti's closure in the information war with Costa Rica may seem strange, boguslavskiy told us that conti carried out this very public attack to create an illusion of real-time operation, while conti members slowly migrated to other smaller extortion software operations.
However, advanced Intel's unique confrontational visibility and intelligence discovery led to the opposite conclusion. A report released by advanced inte tomorrow explains that the only purpose conti wants to achieve through this final attack is to use this platform as a publicity tool to interpret their own death and subsequent rebirth in the most reasonable way.
Conti's leadership announced that the attack on Costa Rica was for publicity, not ransom. Internal communication among members of the organization showed that the ransom required was far less than $1 million. Although conti blackmail software brand no longer exists, the cybercrime group will continue to play an important role in the blackmail software industry for a long time in the future.