Notorious ransomware gang Conti shuts down, but not for good

The ransomware group known as Conti has officially shut down, with all of its infrastructure now offline.

Although this might seem like good news, it’s only good on the surface — Conti is not over, it has simply split into smaller operations.


Conti was launched in the summer of 2020 as a successor to the Ryuk ransomware. It relied on partnerships with other malware for distribution: infections such as TrickBot and BazarLoader served as the initial point of entry, after which Conti proceeded with the attack. Conti proved to be so successful that it eventually evolved into a cybercrime syndicate that took over TrickBot, BazarLoader, and Emotet.

During the past two years, Conti carried out a number of high-profile attacks, targeting the City of Tulsa, Advantech, and Broward County Public Schools. Conti also held the IT systems of Ireland’s Health Service Executive and Department of Health ransom for weeks and only let go when they were facing serious trouble from law enforcement around the world. However, this attack gave Conti a lot of attention from the global media.

Most recently, it targeted the country of Costa Rica, but according to Yelisey Boguslavskiy of Advanced Intel, the attack was just a cover-up for the fact that Conti was disbanding the whole operation. Boguslavskiy told Bleeping Computer that the attack on Costa Rica was made so public in order to give the members of Conti time to migrate to different ransomware operations.

“The agenda to conduct the attack on Costa Rica for the purpose of publicity instead of ransom was declared internally by the Conti leadership. Internal communications between group members suggested that the requested ransom payment was far below $1 million (despite unverified claims of the ransom being $10 million, followed by Conti’s own claims that the sum was $20 million),” says a yet-to-be-published report from Advanced Intel, shared ahead of time by Bleeping Computer.


The ultimate end to Conti was brought on by the group’s open approval of Russia and its invasion of Ukraine. On official channels, Conti went as far as to say that it would pool all of its resources into defending Russia from possible cyberattacks. Following that, a Ukrainian security researcher leaked over 170,000 internal chat messages between the members of the Conti group, and ultimately also leaked the source code for the gang’s ransomware encryptor. This encryptor was later used to attack Russian entities.

As things stand now, all of Conti’s infrastructure has been taken offline, and the leaders of the group said that the brand is over. However, this doesn’t mean that Conti members will no longer pursue cybercrime. According to Boguslavskiy, the leadership of Conti decided to split up and team up with smaller ransomware gangs, such as AvosLocker, HelloKitty, Hive, BlackCat, and BlackByte.

Members of the previous Conti ransomware gang, including intel analysts, pentesters, devs, and negotiators, are spread throughout various cybercrime operations, but they are still part of the Conti syndicate and fall under the same leadership. This helps them avoid law enforcement while still carrying out the same cyberattacks as they did under the Conti brand.

Conti was considered one of the most expensive and dangerous types of ransomware ever created, with over $150 million of ransom payments collected during its two-year stint. The U.S. government offers a substantial reward of up to $15 million for help in identifying the individuals involved with Conti, especially those in leadership roles.


Repost: Original Source and Author Link


Google Measure AR app joins the notorious graveyard

Google is no stranger to “retiring” apps, services, and products, sometimes with little prior notice. That’s true for products that have cost Google a lot of money as well as some products that do make Google some money; it’s even more true for those that don’t. Apps come and go, regardless of their importance or significance, and one of the most recent to get the boot is Measure, one of Google’s earliest mobile AR apps and one that it used to highlight its AR technology even before mobile AR became a thing.

Google may have actually been one of the first to push the idea of using phones for AR and VR but those may have now become just footnotes in history. Half a decade or so ago, Google and Lenovo tried to push the idea which was then called Project Tango in a few commercial products, including a gigantic phone and a tablet. That’s all in the past now, and so is one of Project Tango’s earliest apps.

Measure did exactly what its name says, or at least tried to. Using just the phone’s cameras and some AR and AI magic, users would be able to draw lines in the camera’s viewfinder to measure objects. As magical as that may sound, it didn’t always work accurately but could at least offer rough estimates when a proper measuring tool wasn’t available.

Despite being still listed on Google’s AR and VR experiences site, the Measure AR app no longer exists on Google Play Store. The app will still work for those who still have it installed but you will no longer be able to find it or even reinstall it if you had removed it before. For all intents and purposes, that piece of Google’s AR history is now gone.

Of course, it isn’t uncharacteristic for Google to pull the plug on apps, especially minor ones like Measure. Google does still have other AR experiences available and seems to be betting on WebXR as the way forward. Given how it has been inconsistent in VR and AR commitments, however, silent moves like this might not exactly inspire confidence.
