Here’s the roles structure of the largest organized cybercrime group that got hacked

April 2022 by Atlas VPN

The group made a public statement in which they announced that they stand in full support of Russia in light of current events.

The stance ruffled some feathers, and just a few days later, on February 27, a new Twitter account called "ContiLeaks" popped up and began sharing sensitive information about Conti.

ContiLeaks, rumored to be a Ukrainian security researcher, released a massive record including hundreds of thousands of messages between members of the group.

The Check Point Research team and Brian Krebs took it upon themselves to scan the enormous volume of messages to get insights into the group’s operational activities. Here, Atlas VPN will distill the data even further to clearly show what the “office” of one of the largest, if not the largest, cybercrime groups looks like.

Coders compose the backbone of Conti. Coders are in charge of the nuts and bolts of the actual malware code, which is central to their whole ransomware operation.

Conti also has at least 9 testers and crypters, without whom it would be nearly impossible to deliver the malware. They work hand-in-hand to create solutions to allow the virus to pass through the latest security measures.

You can also find at least 6 ransomware operators inside Conti. Operators are the link between the victim and the group. They speak directly with the victim's representatives to negotiate the ransom and the payment process.

What do salaries look like at Conti?

Some members, such as ransomware operators, are compensated through commissions, which are computed as a percentage of the paid ransom amount and range between 0.5% and 1%. Managers and programmers tend to get regular salaries. Payments are made once or twice a month in Bitcoin.

Like most other businesses, Conti offers bonuses for its top employees. What is outside of the norm is salary cuts due to underperformance. This would be against the law for companies that operate legally.

Also, logs from leaked messages reveal that even before getting hacked, the Conti group was dealing with internal issues and was struggling to pay its employees. One of its bosses went missing, supposedly due to increased public attention.

In short, it appears that it will be a while until Conti recovers and it is unlikely that we will see any major activity in the next couple of months.