Weird, but true. Ransomware is perhaps the most rewarding industry: it requires the least investment and can yield large returns. From nation-state actors to large global ransomware gangs to even smaller fringe groups, the influence of ransomware is growing by leaps and bounds. Although the available data points suggest diverse figures, there has been as much as a 105% surge in ransomware cyberattacks during the last one year. The attacks on government establishments crossed all limits and went up by over 1800%. Similarly, the attacks on healthcare organisations were higher than on any other industry, up 755%.
In the first six months of 2021, there was $590 million in ransomware-related activity, according to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), whereas for all of 2020 it reported $416 million in ransomware-related costs in the United States.
According to a recent report by Ivanti, about 32 new ransomware families were identified in 2021, bringing the total to 157 and representing a 26 percent increase over the previous year.
One of the largest ransomware groups operating at scale is Conti. It is a Russian-speaking ransomware group that also operates a ransomware-as-a-service (RaaS) business model. According to CISAGov, Conti cyber threat actors remain active, and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000. Notable attack vectors include Trickbot and Cobalt Strike. While some ransomware payments are made in the millions, Coveware estimates that the average demand made by Conti members is just over $765,000.
Recently a cache of 60,000 leaked chat messages and files (borrowed from WIRED) from the Conti ransomware group exploded on the dark web, and it was nothing less than sensational. It provides glimpses of how the criminal gang operates.
DynamicCISO recently spoke to Marco Figueroa, Head of Product at BreachQuest, who, along with his team, spent endless hours (maybe more than we could estimate) deciphering the chats and came to the conclusion that Conti is not just any ransomware gang. It is indeed a full-fledged corporation. It seems to be a multi-layered organisation that operates like a company. It hires and even fires contractors and salaried employees alike. It has a proper org chart, which speaks of a proper hierarchy and positions of prominence. The gang has paid nearly US$ 6 million in the last 13 months in salaries and bonuses.
It’s an interesting 40-minute interview with Marco. Listen in…