Big Business: Ransomware Gang Has HR Department,’Employee of the Month’ Awards

Many russian hackers in troll farm. Cyber crime and security concept. Russia flag in backg
vchal /iStock / Getty Images Plus

According to a recent report, one of the most prolific ransomware groups of 2021 operates in a manner similar to a legitimate business with a human resources department, employee performance reviews, and even an employee of the month award. The gang has reportedly generated $2.7 billion in cryptocurrency through their illegal schemes.

CNBC reports that leaked documents have revealed the details of a Russian hacker group identified by the FBI as one of the most prolific ransomware hacking groups of 2021. When thinking of hacker groups, many may picture dark bedrooms and teenagers using their computer knowledge to hold companies’ precious data ransom, but according to a series of leaked documents, this ransomware group even has physical offices.

The Associated Press

FILE – In this May 13, 2017 file photo, a screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan. (AP Photo/Mark Schiefelbein, File)

According to Shmuel Gihon, a security researcher at the threat intelligence firm Cyberint, the ransomware hacking group known as Conti emerged in 2020 and has since grown into one of the biggest ransomware operations in the world. The group is estimated to have around 350 members who have generated $2.7 billion in cryptocurrency in just two years.

The FBI warned in its Internet Crime Report 2021 that the ransomware used by Conti was among the “three top variants” that targeted critical infrastructure in the United States last year. The FBI stated that Conti “most frequently victimized the Critical Manufacturing, Commercial Facilities, and Food and Agriculture sectors.”

The document leak appears to be an act of revenge prompted by a post made by Conti following Russia’s invasion of Ukraine. Cyberint commented that the group could have said nothing but “as we suspected, Conti chose to side with Russia, and this is where it all went south.”

Soon after the post, a Twitter account named ContiLeaks began posting thousands of the group’s internal messages alongside pro-Ukraine comments. The account owner claims to be a “security researcher,” who has since stepped back from Twitter leaving with a final message which reads: “My last words… See you all after our victory! Glory to Ukraine!”

The documents revealed that Conti operates like any other tech company with clear management, finance, and human resource functions as well as a classic organizational hierarchy with team leaders reporting to upper management. Lotem Finkelstein, the head of threat intelligence at Check Point Software Technologies, commented: “Our … assumption is that such a huge organization, with physical offices and enormous revenue, would not be able to act in Russia without the full approval, or even some cooperation, with Russian intelligence services.”

Read more at CNBC here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com

COMMENTS

Please let us know if you're having issues with commenting.