An analysis of leaked private messages of Conti group members, open-source reporting, and on-chain investigations of salary-related addresses by TRM investigators indicates ties between two ransomware groups, Conti and Ryuk.

Not only do on-chain investigations indicate that funds used for a salary paid by a Conti core member were derived from a known Ryuk ransomware address, but similarities in code and other factors also suggest that Conti is a rebranding of the Ryuk ransomware. Both Conti and Ryuk also appear to be part of the Wizard Spider cybercriminal group, which is responsible for the TrickBot botnet. Such a tactic of rebranding is widely known to be used by ransomware syndicates to cover their tracks, as described by BleepingComputer.

On February 27, 2022, an individual with apparent inside access to Conti's infrastructure leaked nearly 160,000 messages from internal chats, along with other data, shedding light on more than a year of Conti's operations and uncovering the syndicate's ecosystem as well as hundreds of crypto addresses used to extort victims and fund the group's activities. The authenticity of the leaks as having come from Conti infrastructure was confirmed by the threat intelligence community, including TheRecord. The leak was sparked by Conti's official statement on February 25, 2022, announcing full support for the Russian state and threatening offensive operations against anyone attacking Russian infrastructure in response to Russia's invasion of Ukraine.

Ryuk ransomware, which was active from mid-to-late 2018, was responsible for a high number of ransomware attacks resulting in millions of USD in losses. For several years, the threat intelligence community has suspected that both Ryuk and Conti ransomware were operated by a single group, identified as Wizard Spider by CrowdStrike, based on similarities in code and other factors. After Ryuk's suspected rebrand to Conti in approximately May of 2020, the ransomware operation became even more destructive, eventually merging with the group running the TrickBot botnet at the end of 2021, according to threat intelligence firm AdvIntel.

TrickBot initially emerged in 2016 as a banking Trojan designed to steal user credentials and personally identifiable information (PII). The prolific botnet then expanded its capabilities to credential harvesting, crypto mining, and gaining a foothold in victims' systems to deploy ransomware.