Analysts uncovered the organization of a crypto extortion ring from Russia
According to Crystal Blockchain’s analysis, the largest ransom amount received by Conti criminals was 725 BTC
18.05.2022 - 10:55
What’s new? Analytics firm Crystal Blockchain conducted a detailed analysis of the messages leaked in February 2022 from members of the Russia-based Conti hacker group. It found that Conti used over-the-counter brokers to cash out stolen cryptocurrency. These funds were used to pay members of the group and to rent servers. According to the investigation, some Conti employees did not know what specific activities the gang was engaged in.
What is known about Conti? The hacker gang has carried out numerous attacks on public institutions and private companies around the world. The criminals are responsible for creating popular ransomware such as Ryuk and Trickbot.
Based on an analysis of the messages, Conti operates much like a regular company, with hiring, performance reviews, and employee-of-the-month selection. To some applicants, Conti was presented as an advertising agency. It also has management, finance, and human resources departments.
In 2020, during the outbreak of the coronavirus pandemic, Conti attacked Ridgeview Medical Center in Minnesota. According to the analysis of the messages and transactions, the institution sent 301 BTC (more than $4 million at the time) to the hackers as ransom.
The largest ransom payout was a transaction dated October 10, 2020, for 725 BTC (about $8 million) from an unknown company. The victim may have been the printer manufacturer Xerox, which was attacked in the same year, 2020.
Conti’s messages mention 89 institutions that were planned to be attacked, most of them based in the United States, with others in Canada, Australia, and Europe. The exact number of successful attacks that resulted in payouts is unknown.
What happened before? In April, the US Treasury Department imposed sanctions on the Garantex crypto exchange and the Hydra darknet marketplace. The agency found that about $8 million in proceeds from ransomware such as Ryuk and Sodinokibi passed through Hydra’s accounts. An analysis of known Garantex transactions revealed transactions worth more than $100 million related to illegal activities. Almost $6 million of these came from the Russian hacker group Conti.
In April 2022, the US authorities warned of the threat of attacks on crypto companies. The authorities said the threat comes from DPRK-sponsored hackers whose main target is cryptocurrency. The hackers’ methods include social engineering, luring victims into downloading malware and malicious applications.
Cryptocurrency services Etherscan, CoinGecko, DeFi Pulse, and others also reported incidents of a malicious pop-up prompting users to connect their MetaMask crypto wallets. A preliminary investigation revealed that the phishing attack was caused by a malicious ad script on the affected sites.