Mon | May 23, 2022 | 3:45 AM PDT

The infamous Russian-based ransomware gang that has wreaked havoc on organizations around the world has officially announced it is shutting down operations.

The news of Conti came from Advanced Intel's Yelisey Boguslavskiy, who recently tweeted this:

Boguslavskiy spoke with Bleeping Computer about Conti, saying its public-facing data leak and ransomware negotiation site are still online, while the Tor admin panels used by members to perform negotiations and publish "news" on their data leak site are now offline.

It is certainly an intriguing time for Conti to make this announcement, as the gang recently pulled off a high-profile attack on the Parker Hannifin Corporation, as well as the ongoing incident with the government of Costa Rica.

Costa Rica's newly elected President, Rodrigo Chaves, was forced to declare a state of emergency after Conti infiltrated multiple government agencies and demanded a ransom payment of $10 million. Though this attack was carried out by a single threat actor known as unc1756, who left this note:

Conti threats to the Costa Rican government

Boguslavskiy also said that he believes Conti used this attack on Costa Rica as a diversion tactic, while group members split off into smaller ransomware operations.

Perhaps this attack was indeed a precursor to Conti's split. Advanced Intel explains in a report:

"However, AdvIntel's unique adversarial visibility and intelligence findings led to, what was in fact, the opposite conclusion: The only goal Conti had wanted to meet with this final attack was to use the platform as a tool of publicity, performing their own death and subsequent rebirth in the most plausible way it could have been conceived.

The agenda to conduct the attack on Costa Rica for the purpose of publicity instead of ransom was declared internally by the Conti leadership. Internal communications between group members suggested that the requested ransom payment was far below $1 million USD (despite unverified claims of the ransom being $10 million USD, followed by Conti’s own claims that the sum was $20 million USD)."

This is certainly not the first time we've seen a ransomware group "shut down" or "rebrand." Most seem to resurface before too long, usually taking a hiatus after pulling off a very successful ransomware attack that grabs the attention of law enforcement. 

In 2021, we saw REvil, another well-known Russian gang, make a comeback after disappearing for months. Before vanishing and making a comeback, the group pulled off two of the highest profile attacks of the year, targeting JBS Foods and Kaseya.

How long will it be before we see Conti, or Conti-like groups, reemerge?