According to multiple security researchers, including Advanced Intel’s Yelisey Boguslavskiy, the Conti ransomware group has stopped all operations. The group’s public facing website is still available and still includes information on it, but according to Boguslavskiy, the Tor administrative panels used by members to perform negotiations and publish “news” on their data leak site are now offline. According to Boguslavskiy, the group performed an attack on Costa Rica as a way cover the traces of other Conti members migrating to smaller ransomware groups. “The agenda to conduct the attack on Costa Rica for the purpose of publicity instead of ransom was declared internally by the Conti leadership. Internal communications between group members suggested that the requested ransom payment was far below $1 million USD (despite unverified claims of the ransom being $10 million USD, followed by Conti’s own claims that the sum was $20 million USD)” stated Advanced Intel. The group’s members have allegedly partnered with numerous well-known ransomware operations, including HelloKitty, AvosLocker, Hive, BlackCat, BlackByte, and more. Conti is considered one of the costliest groups in ransomware according to the US government and even yielded a $15,000,000 bounty for information leading to the location of high-level members.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is