The GOLD ULRICK group, which operates the Conti name-and-shame ransomware scheme, seems to have adapted well to the massive leak of Conti's source code. According to recent statistics, the Conti ransomware group is still active and flourishing despite the massive data leaks it has faced.

Diving into details

According to researchers, the massive data leaks, which resulted in the public disclosure of the group's communications and operational information, appear not to have stopped Conti or its operators, GOLD ULRICK.
  • The number of Conti victims in March increased to the second-highest monthly count since January 2021.
  • The GOLD ULRICK group added 11 victims in the first four days of April. Moreover, the malware authors have worked to evolve their ransomware, intrusion methods, and approach in response to the public leak of their arsenal.
  • The recent findings are corroborated by the NCC Group, which states that the group operated its cybercrime business as usual by infecting networks, exfiltrating data, and deploying ransomware.
  • Further, a member of the group named Jordan Conti has confirmed the continuation of their operations without any disruptions.

On February 27, the @ContiLeaks Twitter account started leaking GOLD ULRICK data and communications.

Emotet and Conti connection

The recent leaks disclosed information regarding the relationship between Emotet and Conti.
  • On the basis of an analysis of the leaked information and its own monitoring of Emotet campaigns, Intel 471 found that Emotet victims are added to a pool of potential Conti victims.
  • The Emotet operation is separate from Conti; however, Conti is believed to rely on Emotet to find its victims.
  • Conti uses the system information and access gathered by Emotet to select its next victims.

Conclusion

Despite the massive leak of its operational information and communications, the GOLD ULRICK group has remained active. The collaboration between Emotet and Conti is a further concern. Therefore, organizations should share threat intelligence on this threat with each other for better protection.
Cyware Publisher