BleepingComputer reports that the Conti ransomware group has completed its shutdown with the dismantling of its two Tor servers for data leaks and ransomware negotiations.
Threat intelligence analyst Ido Cohen reported that Conti shut down its servers on Wednesday, and BleepingComputer confirmed that the servers remained offline yesterday. Conti has been taking apart its infrastructure since last month, following the exposure of its internal chats and ransomware encryptor source code. During that time its members began transitioning to other ransomware groups, but the group left one member to continue threatening Costa Rica.
"The only goal Conti had wanted to meet with this final attack was to use the platform as a tool of publicity, performing their own death and subsequent rebirth in the most plausible way it could have been conceived," said Advanced Intel in a report last month.
Despite Conti's apparent shutdown, Yelisey Boguslavskiy of Advanced Intel noted the syndicate's continued operation in smaller groups.