Not content with extorting $180 million from companies last year, the Conti ransomware gang is investing its extortion money into new money-making schemes. Since last summer, according to leaked details from the group, the Russian-linked cybercrime organization has been quietly developing its own blockchain-based social network and cryptocurrency platform. Its leader even suggested the opening of an online casino.
Conti’s unconventional expansion plans were revealed in 60,000 of the group’s chat messages and files, which were released by a Ukrainian cybersecurity researcher who infiltrated the group. The researcher, who has remained anonymous for security reasons, revealed the inner workings of the Conti ransomware gang on February 27 through a Twitter account after the hacker group supported Vladimir Putin’s invasion of Ukraine days earlier. WIRED has reviewed the documents in detail.
While many of the leaked chat messages detail the day-to-day workings of the notorious ransomware group, they also show how it plans to expand beyond corporate extortion. Cryptocurrency and social media schemes are some of the gang’s more absurd offerings. But they come at a time when law enforcement is cracking down on ransomware groups, including aggressive takedowns and arrests around the world.
Conti’s diversification efforts start at the top of the group. “Is there anyone among us who considers himself a guru of blockchain and trends,” said Stern, who is akin to Conti’s CEO, in private messages sent to dozens of Conti members last summer. “We want to create our own crypto system,” Stern continued, citing Ethereum code library Nethereum, blockchain platform Polkadot and cryptocurrency trading company Binance. Members of the gang, which at times numbered around 100, responded with loose ideas about how to develop the technology or with uninformed answers. “I must have missed that wave,” replied one gang member.
“They even have a meeting where they talk about it,” said Alex Holden, CEO and founder of security firm Hold Security, who has watched Conti for years and knows the Ukrainian researcher who leaked the secrets. “They dive pretty deep into technology and ideas,” said Holden.
Stern’s subsequent announcements mentioned NFTs, decentralized finance, and decentralized peer-to-peer markets known as DEXs. These discussions continued for months. In February, just days before the Conti files leaked, Stern exchanged messages with a team member and discussed building a system using the Rust programming language and the potential for using smart contracts with ransomware. Conti also appears to be pitching cryptosystem ideas by holding a contest on a hacker forum, as first reported by investigative journalist Brian Krebs. The group was also linked to the multimillion-dollar Squid Game crypto scam of November 2021, which was inspired by the Netflix show, Krebs reported.