Is Conti Ransomware Selling Access to Victims?

Conti ransomware is a malicious actor known to bring extreme prejudice to its victims. This is mainly due to the speed with which encrypts data and spreads to other systems.

The cyber-crime organization is thought to be led by a Russia-based group that goes under the pseudonym of Wizard Spider.

The group is using phishing attacks in order to install the TrickBot and BazarLoader Trojans in order to obtain remote access to the infected machines.

What Happened?

Conti’s ransomware affiliate program appears to have recently revised its business model.

Source

The businesses affected by Conti ransomware that refuse to pay the requested ransom have been recently listed on Conti’s victim-shaming blog. This is where confidential material collected from victims can be publicized or sold. However, the cybercriminal gang updated its victim-shaming site in the last 48 hours to reveal that it is now selling access to many of the institutions it has stolen data from.

 We are looking for a buyer to access the network of this organization and sell data from their network.

Source

At this time, it remains unclear what is the reasoning behind Conti’s action, but some researchers wonder if the ransomware operation is about

Read More: https://heimdalsecurity.com/blog/is-conti-ransomware-selling-access-to-victims/