Analysts uncovered the organization of a crypto extortion ring from Russia
According to Crystal Blockchain’s analysis, the largest ransom amount received by Conti criminals was 725 BTC
18.05.2022 - 10:55
What’s new? Analytics firm Crystal Blockchain conducted a detailed analysis of the February 2022 leaked messages of members of the Conti hacker group from Russia. It found that Conti used over-the-counter brokers to cash out stolen cryptocurrency. These funds were used to pay members of the group and to rent servers. According to the investigation, some Conti employees did not know what specific activities the gang was engaged in.
What is known about Conti? The hacker gang has carried out numerous attacks on public institutions and private companies around the world. The criminals are responsible for creating popular ransomware such as Ryuk and Trickbot.
Based on an analysis of the messages, Conti operates much like a regular company, with hiring, performance review, and employee of the month selection. To some applicants, Conti has been presented as an advertising agency. It also has management, finance, and human resources departments.
In 2020, during the outbreak of the coronavirus pandemic, Conti attacked Ridgeview Medical Center in Minnesota. According to the analysis of the messages and transactions, the institution sent 301 BTC (more than $4 million at the time) to the hackers as ransom.
The largest ransom payout was a transaction dated October 10, 2020, for 725 BTC (about $8 million) from an unknown company. The alleged victim may have been the printer manufacturer Xerox, which was attacked in the same year, 2020.
Conti’s messages mention 89 institutions that were planned to be attacked, most of them based in the United States, with some more in Canada, Australia, and Europe. The exact number of successful attacks that resulted in payouts is unknown.
What happened before? In April, the US Treasury Department imposed sanctions on the Garantex crypto exchange and the Hydra darknet marketplace. The agency found that about $8 million in proceeds from ransomware such as Ryuk and Sodinokibi passed through Hydra’s accounts. An analysis of known Garantex transactions revealed transactions worth more than $100 million related to illegal activities. Almost $6 million of these came from the Russian hacker group Conti.
In April 2022, the US authorities warned of the threat of attacks on crypto companies. The authorities said the threat comes from DPRK-sponsored hackers whose main target is cryptocurrency. The hackers’ methods include social engineering, luring victims into downloading malware and applications.
Cryptocurrency services Etherscan, CoinGecko, DeFi Pulse, and others also reported incidents of a malicious pop-up prompting users to connect their MetaMask crypto wallets. A preliminary investigation revealed that the phishing attack was caused by a malicious ad script on the affected sites.