Analysts uncovered the internal organization of a Russia-based crypto extortion ring
According to Crystal Blockchain’s analysis, the largest ransom amount received by Conti criminals was 725 BTC
18.05.2022 - 10:55
What’s new? Analytics firm Crystal Blockchain conducted a detailed analysis of the messages of members of the Russia-based Conti hacker group that were leaked in February 2022. It found that Conti used over-the-counter (OTC) brokers to cash out extorted cryptocurrency. These funds were used to pay members of the group and to rent servers. According to the investigation, some Conti employees did not know what specific activities the gang was engaged in.
What is known about Conti? The hacker gang has carried out numerous attacks on public institutions and private companies around the world. The group is linked to the Ryuk ransomware and to the Trickbot malware, a banking trojan and botnet used to deliver ransomware.
Based on an analysis of the messages, Conti operates much like a regular company, with hiring, performance review, and employee of the month selection. To some applicants, Conti has been presented as an advertising agency. It also has management, finance, and human resources departments.
In 2020, during the outbreak of the coronavirus pandemic, Conti attacked Ridgeview Medical Center in Minnesota. According to the analysis of the messages and transactions, the institution sent 301 BTC (more than $4 million at the time) to the hackers as ransom.
The largest ransom payout was a transaction dated October 10, 2020, for 725 BTC (about $8 million at the time) from an unidentified company. One possible victim is the printer manufacturer Xerox, which was attacked in the same year, 2020, although the analysis does not confirm this.
Conti’s messages mention 89 institutions that were planned to be attacked, most of them based in the United States, with some more in Canada, Australia, and Europe. The exact number of successful attacks that resulted in payouts is unknown.
What happened before? In April, the US Treasury Department imposed sanctions on the Garantex crypto exchange and the Hydra darknet marketplace. The agency found that about $8 million in proceeds from ransomware such as Ryuk and Sodinokibi passed through Hydra’s accounts. An analysis of known Garantex transactions revealed more than $100 million in transactions linked to illicit activity; almost $6 million of that came from the Russian hacker group Conti.
In April 2022, the US authorities also warned of the threat of attacks on crypto companies. The agencies said the threat comes from DPRK-sponsored hackers whose main target is cryptocurrency. The hackers’ methods include social engineering and luring victims into downloading malware and malicious applications.
Cryptocurrency services Etherscan, CoinGecko, DeFi Pulse, and others also reported incidents involving a malicious pop-up prompting users to connect their MetaMask crypto wallets. A preliminary investigation found that the phishing attack was delivered through a malicious ad script loaded on the affected sites.