Wednesday, January 17, 2024

Where Are They Now?

 The Conti Boys


By Dominic Alvieri
1/14/2024


Where Are They Now?


Ransomware groups have come and gone but few have continued to resonate across the criminal ransomware spectrum as the former members of Conti Ransomware. We all know the pipeline hacking name so let's cut to the chase.

Where are members of Conti? Start with the list below.

The list below does not include leaked source code offshoots like Monti or any others. All of the following groups can be attributed to former Conti. 

In alphabetical order:

Akira Ransomware, Black Basta, Black Byte, Black Suit (Royal Ransomware),  Karakurt Team, Three AM



Royal on the run.

Royal on The Run


Royal Ransomware was arguably on the run after their attack on the City of Dallas, Texas and has rebranded as Black Suit. Royal Black Suit of you like. Black Suit is active again.



Karakurt on an extended vacation.


100 Days Without Fam


By all accounts Karakurt has been inactive for over 100 days now. No posts. No attacks. No nothing.

So what happened? No speculations please.



Karakurt Team in high level discussions.






Black Byte Bitten


The Black Byte leak site was only active for a few hours over the past 2 months only producing a black and white logo change. That's it. I don't expect Black Byte to rebrand. Time will tell as it always does.




Akira Ransomware


Akira Akira. Not my favorite. Why don't we call him angry Conti. Angry Conti has set up his own thing including a cool retro site. Just a reminder that this cool retro site is trying to peg your system and steal your credentials as you browse their leak site. Phish your visitors. Great evil business model.




Black Basta


If there was ever a racist Conti this is it. More hateful. Targeted. The question is whether for Black Basta to retool or rebrand after the "Basta Busta" released. LockBit proved that you can continue without rebranding. Black Cat ransomware is also challenging what you would think to be the norm.





Black Basta was named by one of the most racist white guys ever. 





There are arguments to be made to include a few other names and strains. I fell like I missed a name or two. 

Don't mount a locker or hack illegally.



The Cyber Show.


Dominic Alvieri X- @AlvieriD
The Cyber Show
at No comments:
Labels: , , , , , , , ,
Subscribe to: Posts (Atom)

Typosquatting with Mikhail

The Infrastructure Boss by Dominic Alvieri April 10th, 2024 @AlvieriD What does a former Boris Yeltsin era Defense Minister for the Russian ...