The servers of ransomware group Conti are inaccessible. After hitting 850 victims in two years’ time, the group unexpectedly disbanded.

Ransomware group Conti has been attacking governments and companies since 2020. The group develops malware to encrypt the files of target organizations. In two years’ time, Conti made 850 victims, including enterprises and governments.

The more you know about an attacker, the better you can defend yourself. As a result, Conti is under investigation by several security providers. They collect data to develop security measures.

One of the researchers is Advanced Intel. The organization recently announced that Conti’s infrastructure has been shut down. Among other things, the websites on which Conti communicates with victims are inaccessible. The group unexpectedly disappeared from the radar.

Why?

Everything indicates that the infrastructure was switched off voluntarily. Conti hasn’t attacked any new targets in the past few weeks. The most recent victim was the government of Costa Rica. Conti captured 672GB of data. Shortly after the attack, Advanced Intel observed a decline in activity. A single member remained to leak the stolen data. Meanwhile, this member disappeared as well.

According to Advanced Intel, the departure has a strategic reason. “The only goal Conti had wanted to meet with this final attack was to use the platform as a tool of publicity”, the organisation shared in a recent report.

New beginnings

Although its members no longer operate under Conti’s name, the group isn’t going anywhere. Name changes are common among ransomware groups. Ransomware is as lucrative as it is risky. Cryptominers can remain in the shadows for years, but a ransomware group must make itself known in order to demand ransom. Over time, international police and security companies track down the group. A change of name is one of the ways in which cybercriminals delay authorities.

Tip: ‘Ransomware group Conti works fourteen hours a day’