Conti Group Investigations: An Analysis Of The Risks Posed to the Australian Market

Part 3: The risks posed to the Australian Market by the Conti Group

This is the third part of a three-part investigative series on the Russian based Ransomware-as-a-Service (RaaS) group Conti.

Each blog in the series, and our in-depth downloadable reports, focus on different aspects of Conti Group.

The three parts of this series include:
Part 1: Conti Group’s Financial Structure and Transaction History
Part 2: Conti Group’s Organisational Structure, HR and Recruitment Processes
Part 3: The Risks Conti Group Pose to the Australian Market

Who are Conti Group?

Conti is a ransomware-as-a-service (RaaS) hacking group, which also allows affiliates to rent access to its infrastructure to launch attacks. Experts say Conti is based in Russia and may have ties to Russian intelligence.

On the 27th of February 2022 an alleged Ukrainian member of the group leaked a significant amount of information related to the group. This is in reply to the group publicly showing its support for the Russian invasion.

Our WorldStack intelligence team have analysed these chat logs, resulting in this three-part series on the Conti Group.

Key Findings on Conti Group’s threat to the Australian market:

Leveraging the findings of the first two parts in this series, WorldStack analysts have continued to analyse the leaked chat logs of the Conti Group and their recent uploads to the ‘name-and-shame’ blog site.

  • Conti affiliates have successfully deployed ransomware campaigns on corporate systems in a variety of sectors in Australia
  • Conti affiliates are known to implement the ‘double extortion’ technique by uploading stolen victim data obtained through the commission of the attack in part or full and threatening to sell and/or release additional information if the demands of their ransoms are not met
  • Threat actors involved in the deployment of the Conti ransomware use a range of vectors to gain initial access into victim networks, including exploitation of unpatched vulnerabilities in remote access solutions
  • Conti ransomware restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption.

Download the full report

Download our full report, Part 3: The risks posed to the Australian Market by the Conti Group, learn about the above key findings and get a greater understanding of key elements regarding the group’s operations and the subsequent risks it poses to the Australian market.

Download the report