Inscrivez-vous maintenant pour un meilleur devis personnalisé!

Nouvelles chaudes

This is how much the average Conti hacking group member earns a month

23 mars 2022 Hi-network.com

The average Conti ransomware group member earns a salary of$1,800 per month, a figure you might consider low considering the success of the criminal gang. 

On Wednesday, Secureworks published a set of findings based on the group's internal chat logs, leaked earlier this month and poured over by cybersecurity researchers ever since. 

Recommends

The best ethical hacking certifications

Becoming a certified ethical hacker can lead to a rewarding career. Here are our recommendations for the top certifications.

Read now

The internal messaging records were leaked online after Conti, tracked as Gold Ulrick by Secureworks, declared its public support for Russia's invasion of Ukraine, an ongoing conflict.  

Conti is a prolific ransomware group suspected to be of Russian origin that has claimed hundreds of victim organizations worldwide. The group will infiltrate a network -- whether independently or through the purchase of initial access through underground forums -- steal data, encrypt networks, and will then demand a ransom. Victims who refuse to pay up may find their information leaked online. 

Conti's average ransomware demand is roughly $750,000, but depending on the size and annual revenue of a victim, blackmail payments can be set far higher, sometimes reaching millions of dollars. 

Check Point researchers have previously scoured the Conti chat logs and exposed a rather "mundane" operation, the type you'd expect a typical software development business to run.

This included a business infrastructure offering office, hybrid, or remote work options, performance reviews, bonuses, and a hiring process for coders, testers, system administrators, and HR. 

While new members are interviewed, not everyone is told they are applying to work with a criminal outfit, as some 'employee' messages have revealed. However, they may be offered salaries far higher than the local average to stay when the truth comes out. 

According to Secureworks' analysis of the logs, containing 160,000 messages exchanged between almost 500 individuals between January 2020 and March 2022, there were 81 people involved in payroll, with an average salary of$1,800 per month. 

Payroll message to group leader Stern (Russian translation)

Secureworks

While core operators likely take a far larger slice of the pie, it is estimated that the average Russian household brings in$540 per month -- and so the 'salary' offered by cybercriminal groups could be a strong lure. Furthermore, with the value of the Ruble tumbling due to international sanctions, this may entice more to enter this market. 

In addition, Secureworks has found leaks between the "designated leader" of Conti, dubbed "Stern," and other cybercriminal groups. 

Stern is a figure described as someone who makes "key organizational decisions, distributes payroll, manages crises, and interacts with other threat groups." The team suspects that they also hold a leadership position in Gold Ulrick (Trickbot/BazarLoader). 

Secureworks also found connections to the cybercriminal groups Gold Crestwood (Emotet), Gold Mystic (LockBit), and Gold Swathmore (IcedID), although this may just be for communication and/or collaborative purposes. 

"The chats reveal a mature cybercrime ecosystem across multiple threat groups with frequent collaboration and support," the researchers say. "Members of groups previously believed to be distinct collaborated and frequently communicated with members of other threat groups. This interconnectivity shows these groups' motivations and relationships. It highlights their resourcefulness and ability to leverage subject matter expertise within the groups."

On March 20, an unnamed researcher -- believed to come from Ukraine -- also published a recent version of the Conti ransomware source code. The package was uploaded to VirusTotal for the benefit of cybersecurity defense teams but may also be adapted for use by threat actors. 

See also

  • New Conti ransomware source code leaked
  • CISA releases advisory on Conti ransomware, notes increase in attacks after more than 400 incidents
  • Working for a ransomware gang is surprisingly mundane, according to these leaks

Have a tip?Get in touch securely via WhatsApp Signal at +447713 025 499, or over at Keybase: charlie0


Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Tags chauds: technologie La sécurité

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.
Our company's operations and information are independent of the manufacturers' positions, nor a part of any listed trademarks company.