The notorious Conti ransomware group gains audacity, ignites chaos, and leaves users questioning the next steps.
Conti Ransomware Gang Dismantles Key Infrastructure, Remains a Threat
The notorious ransomware gang Conti has dismantled key pieces of its infrastructure and initiated a massive reset of operations earlier this month, according to cybersecurity researchers. The move comes after a series of events that have put the group under increased scrutiny from the U.S. government and law enforcement agencies.
Conti, known for its revenue-sharing ransomware-as-a-service program, has been linked to hundreds of ransomware attacks during the last two years. The FBI alleges that the group is responsible for some of the most costly ransomware attacks ever documented, and has described the Conti ransomware variant as the "costliest strain of ransomware ever documented."
Recent events suggest that Conti's seemingly erratic activities of late may be a diversion by design. The group attacked Costa Rica's government infrastructure last month, hitting at least 27 institutions. Conti responded by doubling its initial ransom demand to $20 million. However, the group's operations appear to be in a state of flux.
The U.S. State Department offered a $15 million reward for information on Conti's leadership, and the revenue-sharing ransomware-as-a-service program operated by Conti is probably closed or being tamped down. Yet Conti's reorganization effort is ongoing, and members of the group still pose a significant threat.
Conti's data exfiltration activities commenced in 2019, and it started loading different malware packages designed as ransomware as a service in 2020. The group's association with Russia became a practical burden as mounting sanctions made ransom payments a potentially serious criminal violation.
While Conti is no longer operational, according to AdvIntel researchers, an affiliate using a ransomware-as-a-service program operated by Conti may have been responsible for some of its attacks in Latin America. More than 1,000 victims have suffered attacks associated with Conti ransomware, with total victim payouts exceeding $150 million as of January 2022, according to the FBI.
The attack on Costa Rica helped Conti maintain the illusion of life while restructuring was taking place. The seemingly erratic activities, such as the attack on Costa Rica and the doubling of the ransom demand, may have been part of this strategy.
Meanwhile, the number of ransomware attacks on large organizations jumped 10% in the first 18 weeks of 2022, and the average initial ransom demand per incident stands at $6.1 million. As Conti's operations become more difficult to attribute to the group's leadership, it is crucial for organizations to remain vigilant and implement robust cybersecurity measures to protect against such attacks.
In a separate development, the former Continental Automotive division has been spun off and renamed Aumovio, launching as an independent, publicly-traded company focused on automated driving, software-defined vehicles, electronics, and brake systems starting September 2025. This spin-off has no known connection to the Conti ransomware gang.