Big Business: Ransomware Gang Has HR Department,’Employee of the Month’ Awards
According to a recent report, one of the most prolific ransomware groups of 2021 operates in a manner similar to a legitimate business with a human resources department, employee performance reviews, and even an employee of the month award. The gang has reportedly generated $2.7 billion in cryptocurrency through their illegal schemes.
CNBC reports that leaked documents have revealed the details of a Russian hacker group identified by the FBI as one of the most prolific ransomware hacking groups of 2021. When thinking of hacker groups, many may picture dark bedrooms and teenagers using their computer knowledge to hold companies’ precious data ransom, but according to a series of leaked documents, this ransomware group even has physical offices.
According to Shmuel Gihon, a security researcher at the threat intelligence firm Cyberint, the ransomware hacking group known as Conti emerged in 2020 and has since grown into one of the biggest ransomware operations in the world. The group is estimated to have around 350 members who have generated $2.7 billion in cryptocurrency in just two years.
The FBI warned in its Internet Crime Report 2021 that the ransomware used by Conti was among the “three top variants” that targeted critical infrastructure in the United States last year. The FBI stated that Conti “most frequently victimized the Critical Manufacturing, Commercial Facilities, and Food and Agriculture sectors.”
The document leak appears to be an act of revenge prompted by a post made by Conti following Russia’s invasion of Ukraine. Cyberint commented that the group could have said nothing but “as we suspected, Conti chose to side with Russia, and this is where it all went south.”
Soon after the post, a Twitter account named ContiLeaks began posting thousands of the group’s internal messages alongside pro-Ukraine comments. The account owner claims to be a “security researcher,” who has since stepped back from Twitter leaving with a final message which reads: “My last words… See you all after our victory! Glory to Ukraine!”
The documents revealed that Conti operates like any other tech company with clear management, finance, and human resource functions as well as a classic organizational hierarchy with team leaders reporting to upper management. Lotem Finkelstein, the head of threat intelligence at Check Point Software Technologies, commented: “Our … assumption is that such a huge organization, with physical offices and enormous revenue, would not be able to act in Russia without the full approval, or even some cooperation, with Russian intelligence services.”