Conti ransomware operators “earned” at least $ 25.5 million since July 2021

Conti ransomware operators
Written by Emma Davis

Experts of the Swiss cybersecurity company Prodaft have calculated that over the past five months, the Conti ransomware operators have earned at least $ 25.5 million from their attacks.

The company said it has partnered with Elliptic blockchain analysts to track 113 cryptocurrency addresses and over 500 bitcoins that Conti operators have collected from their victims over the past five months. This data is the first and only attempt to measure Conti’s earnings to date.

Monthly ransom payments

Prodaft and Elliptic experts say that they recorded several transactions that split $6.2 million from Conti’s profits and were sent to a so-called “consolidation wallet.” The discovery of this wallet is good news, as it could become a target for law enforcement and allow the authorities to confiscate a significant portion of the hack group’s profits, as the US Justice Department previously did with one of REvil’s partners.

However, Prodaft notes that Conti’s operators manage the consolidation wallet themselves, and the group’s partners are not involved. They usually launder profits through shadow exchanges as Wasabi, and through Russian-speaking marketplaces like Hydra.

In August 2021, 0.07 bitcoin was sent from this cluster to a well-known exchange known to be used by ransomware groups. In addition, Conti has not attempted to cash out or exchange the received Bitcoins from this cluster. The group’s activity indicates that the remaining 123.06 bitcoins are currently held in an unhosted wallet.the researchers write.

In addition, the researchers said they also tracked ransom payments and how the group distributed profits to its partners.

One cluster was identified that received payments from both Conti and DarkSide, which may indicate that this is an individual who worked as a partner of both of these groups.

Ransom payments over time

It is worth pointing out that after the termination of such ransomware as Avaddon, REvil, DarkSide and BlackMatter, the Conti group, along with LockBit, became the most active RaaS platforms in the world. This explains the interest in hackers both of the information security experts and special services.

Let me remind you that we talked about the fact that Conti ransomware attacks Ireland’s Health Service Executive.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply