Experts at the Swiss cybersecurity company Prodaft have calculated that over the past five months, the Conti ransomware operators have earned at least $25.5 million from their attacks.
The company said it has partnered with Elliptic blockchain analysts to track 113 cryptocurrency addresses and over 500 bitcoins that Conti operators have collected from their victims over the past five months. This data is the first and only attempt to measure Conti’s earnings to date.
Prodaft and Elliptic experts say that they recorded several transactions in which $6.2 million of Conti’s profits was split off and sent to a so-called “consolidation wallet.” The discovery of this wallet is good news, as it could become a target for law enforcement and allow the authorities to confiscate a significant portion of the hack group’s profits, as the US Justice Department previously did with one of REvil’s partners.
However, Prodaft notes that Conti’s operators manage the consolidation wallet themselves, and the group’s partners are not involved. They usually launder profits through shadow exchanges such as Wasabi, and through Russian-speaking marketplaces like Hydra.
The researchers said they also tracked ransom payments and how the group distributed profits to its partners.
It is worth pointing out that after ransomware operations such as Avaddon, REvil, DarkSide and BlackMatter shut down, the Conti group, along with LockBit, became the most active RaaS platforms in the world. This explains why both information security experts and intelligence services are interested in these hackers.
Let me remind you that we also reported that Conti ransomware attacked Ireland’s Health Service Executive.