Conti Ransomware Group Explores Post-Encryption FutureAdvIntel's Vitali Kremez Says Data Theft Without Encryption Is Increasingly Common
The February leak of internal communications from Conti, one of the world's most notorious ransomware groups, highlighted the extent to which such cybercriminal groups are running sophisticated and innovative business operations, says Vitali Kremez, chairman and CEO of New York-based Advanced Intelligence, aka AdvIntel.
But as Conti has felt the heat, its senior management team hasn't hesitated to rethink its entire approach, including launching multiple smaller operations and retiring the "Conti" name to make the group less of a target, he says.
Another trend is for Conti and some other groups to move away from launching traditional ransomware attacks and instead apply malware and network penetration to steal data and use psychological tactics - sometimes powered by call centers - to extort companies, he says. Especially for publicly traded firms, attackers' primary aim is to compel a victim to pay a ransom, quickly and quietly, in return for a promise from attackers to quietly delete the stolen data, he says.
In a video interview with Information Security Media Group at RSA Conference 2022, Kremez also discusses:
- Upsides and downsides of the leaks of the Conti's internal communications;
- The future of ransomware as a criminal enterprise;
- Attackers' increasing focus on data exfiltration, sometimes avoiding crypto-locking entirely.
Kremez, who has led AdvIntel since June 2020, oversees the company's strategic, market and business operations. He is a renowned cybersecurity expert, malware course author, speaker, blogger and columnist. Kremez's previously served as head of an antivirus provider's cybersecurity intelligence center, and before that as a cybercrime analyst for the New York County District Attorney's Office, where he partnered with the U.S. Secret Service, FBI, Department of Homeland Security, Royal Canadian Mounted Police and Spanish Civil Guardia. Kremez's work helped prosecutors and other offices deliver successful indictments for many high-profile investigations involving data breaches, network intrusions, ransomware, computer hacking, intellectual property theft, credit card fraud, money laundering and identity theft cases.