My how the tables have turned.  An organization that since 2017 has been infiltrating organizations, dropping ransomware payloads to encrypt and exfiltrate data to later be leveraged for a ransom, has a cool cold slap to the face with a large trout case of karma.  CONTI leaks on twitter started dropping files which revealed the internal chats of the organization on February the 27^th.  Since then, more files have been uploaded, showing the recruitment process of hiring new employees, induction documentation and HOWTO’s on how to hack and deploy the ransomware payloads.

The insight into this organization is no different to any other, they have sales, marketing, administration, payroll and developers. 

They seem to have normal hours and encourage each other to get sleep if they are working too hard. 

And had pretty good dashboards to show the company's current pipeline, just like we all have.  A ransomware CRM if you will.

The truth is they were running one hell of an enterprise, in fact this is what their BTC account looked like.

Yup you read that correctly 65,498 Bitcoins.  I made a easy to review graph below based on where you are to understand just how much that is, cause its a lot.

ZAR = R 43 841 065 425

USD = $ 2 848 274 310

GBP = £ 2 124 532 403

I read one of the induction documents labeled “old school spirit” which was translated from the Russian “дух старой школы”.  Get the job done culture was created from the very beginning and ensuring that clear simple code was used with only results matter approach.

Look, all of this was to defraud companies from money, and that’s illegal.  However, I am still impressed at the speed this organization worked at, their internal training process, and their overall focus on getting things done.  It’s why they became the biggest in the world. 

How can organizations even think of defending themselves against a super sophisticated team when they themselves don’t even have the most basic processes in place in their own organizations?

The bottom line is if companies are going to defend themselves from ransomware attacks in the future, they are going to have to learn this “Get if done” mentally we see from the CONTI organization.  But not on profit and sales, it must be a focus on IT Security and Company culture.  Does everyone in the company have MFA enabled with a really strong password that is only used in one place?  Do you have security dashboards to show potential threats? Do you have training materials to help educate everyone? Do you have an open chat where people can ask questions and get answers?  It's not the be all and end all but it's for sure a great place to get started.