https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • Complete 2023 MSP 501 Rankings
    • 2023 MSP 501 50-1
    • 2023 MSP 501 100-51
    • 2023 MSP 501 150-101
    • 2023 MSP 501 200-151
    • 2023 MSP 501 250-201
    • 2023 MSP 501 300-251
    • 2023 MSP 501 350-301
    • 2023 MSP 501 400-351
    • 2023 MSP 501 450-401
    • 2023 MSP 501 501-451
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2023 MSP 501
    • 2023 NextGen 101
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2024 CP Expo Call for Speakers
    • Channel Futures Leadership Summit
    • MSP Summit
    • CP Conference & Expo
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • Complete 2023 MSP 501 Rankings
    • 2023 MSP 501 50-1
    • 2023 MSP 501 100-51
    • 2023 MSP 501 150-101
    • 2023 MSP 501 200-151
    • 2023 MSP 501 250-201
    • 2023 MSP 501 300-251
    • 2023 MSP 501 350-301
    • 2023 MSP 501 400-351
    • 2023 MSP 501 450-401
    • 2023 MSP 501 501-451
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2023 MSP 501
    • 2023 NextGen 101
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2024 CP Expo Call for Speakers
    • Channel Futures Leadership Summit
    • MSP Summit
    • CP Conference & Expo
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures


ransomware headache

Intel 471 Tracking Conti Ransomware Group

  • Written by Edward Gately
  • September 27, 2023

While the Conti group may have publicly announced that it was stopping operations, that doesn’t mean the group has totally disappeared.

Since the announcement in May, Intel 471 researchers have observed Conti-loyal actors splinter and move in different directions within the cybercrime underground. Some actors have leaned into side projects that take advantage of segments of Conti’s prior operations, like network access or data theft. Others have allegedly forged alliances with other RaaS groups, building upon individual relationships that were cultivated during Conti’s existence.

Whatever path former Conti-affiliated actors have chosen, they are still focused on making profits and staying out of law enforcement custody as they move past the information leaks and subsequent media attention of the last few months.

The Black Basta ransomware gang, which started operations a month before Conti announced its shutdown, has shown signs of overlap with its TTPs, Intel 471 said. Black Basta’s data leak blogs, payment sites, recovery portals, victim communications and negotiation methods all bear similarities with Conti’s operations. Despite those similarities, Intel 471 can’t fully confirm that Black Basta is solely a rebrand launched by former Conti group members.

Brad Crompton is director of intelligence for Intel 471‘s Shared Services.

“It’s important to follow these threat actors because it’s highly likely that they will resurface as part of some other criminal undertaking, or will use specific TTPs that may enable tracking new aliases that these threat actors may choose to operate under, or enable mitigation of specific TTPs,” he said. “The public saw Conti fracture and eventually cease operations once the ContiLeaks exposed their inner workings. By continuing to follow their actions, it continually makes it more difficult for them to remain operationally secure, bringing unwanted attention to their schemes, and making it much harder for them to operate successfully.”

By working as freelancers or joining other RaaS groups, it allows other criminal groups to become that much stronger, Crompton said.

“Think of it the same way as a company looking to recruit talent after a competitor goes out of business,” he said. “There are skills that can be applied to their own operations, which only serves to strengthen their attacks. Moreover, new activities may highlight business sectors that these RaaS groups seek to target, or new TTPs that are being used. By monitoring for specific targeting of sectors or TTPs used, businesses can remain prepared and stay one step ahead of pending threats.”

Given that former Conti actors or affiliates have branched out to some of the most active RaaS groups currently operating, the threat is serious, Crompton said.

“Conti had some skilled operators along the various steps of a ransomware attack,” he said. “By integrating those people into their own schemes, other RaaS groups like LockBit 3.0 or ALPHV only grow stronger. This is a perfect example of how financially-motivated cybercriminals are opportunistic above everything else. Their first loyalty is to money, and these actors will gravitate towards whatever is the easiest path to that. We would expect the same shift if a different group like LockBit 3.0 or ALPHV were doxxed, with those actors moving to other groups that would allow them to make money as quickly and easily as possible.”

 

 

 

 

 

Tags:

Edward Gately

Edward Gately

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Related Content

  • Verizon Channel Road Show
    Verizon, Reseller Partners Talk Channel Integration, Fixed Wireless Sales
  • AWS CJ Moses at reinforce
    Amazon Previews AWS Marketplace Vendor Insights for Risk Management
  • Leave business
    Westcoast's Alex Tatham Departs for New Role at Reseller
  • Do what matters
    The 7 Golden Rules for Choosing Ecosystem Partners

Upcoming Events

View all

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Channel Partners Conference & Expo

March 11, 2024 - March 14, 2024

Channel Futures Leadership Summit 2024

September 17, 2024 - September 19, 2024

Galleries

View all

Cloud Computing News: AWS, Broadcom, Google Cloud, Akamai, More

September 27, 2023

CF20: 2023’s 20 Top Email Security Providers You Should Know

September 26, 2023

2023 MSP 501 Channel Disruptors: These Companies Are Shaking Things Up

September 25, 2023

Industry Perspectives

View all

Partners Balance Multicloud Opportunity, Complexity

September 25, 2023

Why Conversational AI Matters for Your Customers and How It Can Boost Your Revenue

September 15, 2023

The 5 Ds that Lead to Unplanned Business Sales

September 13, 2023

Webinars

View all

MSP 501: Leadership in Cybersecurity

October 19, 2023

DE&I: Find the Balance that Works for You

September 7, 2023

Above and Beyond with the NextGen 101ers

August 30, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode 129: ZLH Enterprises

Coffee with Craig and James Episode 128: Channel Partner Strategies Intelligence Service

August 25, 2023

Coffee with Craig and James Episode 127: Expereo, Movie Night Returns

August 18, 2023

Coffee with Craig and James Episode 126: ARG

July 28, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X