{"id":18528,"date":"2022-03-17T10:45:04","date_gmt":"2022-03-17T18:45:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/03\/17\/news-12261\/"},"modified":"2022-03-17T10:45:04","modified_gmt":"2022-03-17T18:45:04","slug":"news-12261","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/03\/17\/news-12261\/","title":{"rendered":"Conti Leak: A Ransomware Gang&#8217;s Chats Expose Its Crypto Plans"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/62328918b1a170ff09f499a3\/master\/pass\/security-conti-ransomware.jpg\"\/><\/p>\n<p><strong>Credit to Author: Matt Burgess| Date: Thu, 17 Mar 2022 11:00:00 +0000<\/strong><\/p>\n<p class=\"BylineWrapper-iiTsTb hAGfXd byline bylines__byline\" data-testid=\"BylineWrapper\" itemprop=\"author\" itemtype=\"http:\/\/schema.org\/Person\"><span itemprop=\"name\" class=\"BylineNamesWrapper-dbkCxf erRIa-D\"><span data-testid=\"BylineName\" class=\"BylineName-cKXFOb UCAzg byline__name\"><a class=\"BaseWrap-sc-TURhJ BaseText-fFzBQt BaseLink-gZQqBA BylineLink-eZnyPI eTiIvU mEZDb fNdcwQ bKZMMS byline__name-link button\" href=\"\/author\/matt-burgess\">Matt Burgess<\/a><\/span><\/span><\/p>\n<p><span class=\"lead-in-text-callout\">Not satisfied with<\/span> extorting $180 million from companies last year, the Conti ransomware gang is investing its coerced cash in new moneymaking schemes. Since last summer, according to leaked details from the group, the Russia-linked cybercrime organization has been quietly developing its own social network and blockchain-based cryptocurrency platform. 
Its leader even suggested opening an online casino.<\/p>\n<p class=\"paywall\">Conti\u2019s unconventional expansion plans were revealed in <a href=\"https:\/\/www.wired.com\/story\/conti-leaks-ransomware-work-life\/\">60,000 of the group\u2019s chat messages and files<\/a>, which were published by a Ukrainian cybersecurity researcher who infiltrated the group. The researcher, who has remained anonymous for safety reasons, exposed the Conti ransomware gang\u2019s inner workings on February 27 <a data-offer-url=\"https:\/\/twitter.com\/contileaks\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/twitter.com\/contileaks&quot;}\" href=\"https:\/\/twitter.com\/contileaks\" rel=\"nofollow noopener\" target=\"_blank\">via a Twitter account<\/a> after the hacking group backed Vladimir Putin\u2019s Ukraine invasion days earlier. WIRED has reviewed the documents in detail.<\/p>\n<p class=\"paywall\">While many of the leaked chat messages detail the daily workings of the notorious <a href=\"https:\/\/www.wired.com\/tag\/ransomware\/\">ransomware group<\/a>, they also show how it\u2019s planning to expand beyond corporate extortion. The cryptocurrency and social media schemes are some of the more absurd proposals from the gang. 
However, they come at a time when law enforcement bodies are disrupting ransomware groups, including conducting <a href=\"https:\/\/www.wired.com\/story\/emotet-botnet-takedown\/\">aggressive takedown actions<\/a> and making <a href=\"https:\/\/www.wired.com\/story\/ransomware-revil-arrest-kaseya\/\">arrests<\/a> <a href=\"https:\/\/www.wired.co.uk\/article\/russia-revil-ransomware-arrests-ukraine\">around the world<\/a>.<\/p>\n<p class=\"paywall\">Conti\u2019s diversification efforts start at the top of the group. \u201cIs there anyone among us who considers himself a guru of blockchain and trends,\u201d Stern, Conti\u2019s CEO-like character, said in private messages sent to dozens of Conti members last summer. \u201cWe want to create our own crypto system,\u201d Stern continued, citing the Ethereum code library Nethereum, blockchain platform Polkadot, and cryptocurrency trading company Binance. Members of the gang, which at times numbered around 100, replied with loose ideas about how to develop the technology, or with clueless responses. \u201cI must have missed that wave,\u201d one gang member replied.<\/p>\n<p class=\"paywall\">\u201cThey even hold a meeting talking about this,\u201d says Alex Holden, the CEO and founder of security firm Hold Security, who has watched Conti for years and knows the Ukrainian researcher who leaked its secrets. \u201cThey dive fairly deeply into the technology and ideas,\u201d Holden says.<\/p>\n<p class=\"paywall\">Stern\u2019s follow-up messages mention NFTs, <a href=\"https:\/\/www.wired.co.uk\/article\/bitcoin-square-defi-ethereum\">decentralized finance<\/a>, and peer-to-peer decentralized marketplaces known as DEX. These discussions have lasted months. 
In February, just days before the Conti files were leaked, Stern traded messages with one member of the team and discussed creating a system using the Rust programming language and the <a data-offer-url=\"https:\/\/arxiv.org\/pdf\/2003.04426.pdf\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/arxiv.org\/pdf\/2003.04426.pdf&quot;}\" href=\"https:\/\/arxiv.org\/pdf\/2003.04426.pdf\" rel=\"nofollow noopener\" target=\"_blank\">potential to use smart contracts with ransomware<\/a>. Conti also appeared to drum up ideas for a cryptosystem by holding a competition on a hacker forum, as first reported by <a data-offer-url=\"https:\/\/krebsonsecurity.com\/2022\/03\/conti-ransomware-group-diaries-part-iv-cryptocrime\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/krebsonsecurity.com\/2022\/03\/conti-ransomware-group-diaries-part-iv-cryptocrime\/&quot;}\" href=\"https:\/\/krebsonsecurity.com\/2022\/03\/conti-ransomware-group-diaries-part-iv-cryptocrime\/\" rel=\"nofollow noopener\" target=\"_blank\">investigative journalist Brian Krebs<\/a>. The group was also linked to a multimillion-dollar <a href=\"https:\/\/www.wired.com\/story\/squid-game-coin-crypto-scam\/\">Netflix-inspired Squid Game crypto scam<\/a> in November 2021, Krebs reported.<\/p>\n<p class=\"paywall\">While it&#x27;s unclear exactly how far along the development of the crypto platform is, Holden says he saw the gang members sharing a screenshot of a mockup cryptocurrency platform called Bablo, which roughly translates to \u201cloot,\u201d in July 2021. This was around the same time Stern messaged the group about developing the system. The logo for Bablo incorporated the \u201cB\u201d from Bitcoin\u2019s logo.<\/p>\n<p class=\"paywall\">The interest in cryptocurrency platforms is all about moving money, Holden says. 
\u201cMy explanation is that these guys want to control and be able to launder money,\u201d he explains. \u201cIf they are able to launder the money, for example, they can move stolen proceeds into their own platform, they can hide or otherwise obfuscate their money trail.\u201d<\/p>\n<p class=\"paywall\">The vast majority of ransomware payments are made using cryptocurrencies. Blockchain tracking firm Chainalysis identified more than $600 million in crypto ransomware payments in <a data-offer-url=\"https:\/\/blog.chainalysis.com\/reports\/2022-crypto-crime-report-preview-ransomware\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/blog.chainalysis.com\/reports\/2022-crypto-crime-report-preview-ransomware\/&quot;}\" href=\"https:\/\/blog.chainalysis.com\/reports\/2022-crypto-crime-report-preview-ransomware\/\" rel=\"nofollow noopener\" target=\"_blank\">both 2020 and 2021<\/a>\u2014Conti was the most prolific group. However, law enforcement bodies and investigators are <a href=\"https:\/\/www.wired.co.uk\/article\/law-fighting-ransomware-criminals\">becoming more adept at following ransomware payments on the blockchain<\/a> and identifying individuals involved in the ransomware gangs.<\/p>\n<p class=\"paywall\">By creating its own system, Conti could potentially help members avoid the attention of law enforcement. \u201cThey want to exercise more autonomy over their finances,\u201d says Vitali Kremez, the CEO of security company AdvIntel. 
Creating any blockchain-based system, Kremez says, would potentially give Conti the \u201cfreedom to cash out and make their ransomware payouts easier than relying on any public crypto ledger.\u201d Kremez says a cybercrime gang creating its own payment system wouldn&#x27;t be totally unheard-of and fits with \u201cprevious philosophies.\u201d<\/p>\n<p class=\"paywall\">While a crypto platform may make some sense for the day-to-day running of Conti, its efforts to create a social network appear to lack a clear direction. Several high-profile Conti members have been involved in conversations about the development. These include Stern and Mango, a Conti general manager who reports directly to the boss and <a href=\"https:\/\/www.wired.com\/story\/conti-leaks-ransomware-work-life\/\">makes sure Conti\u2019s members get paid<\/a>.<\/p>\n<p class=\"paywall\">\u201cWe make a social network primarily for ourselves and the community,\u201d Mango explained to Conti member Ghost, after they had discussed it with Stern. Mango said it could be like Russia\u2019s biggest social media website, VKontakte (aka VK), but with a twist: It would be for the \u201cdarknet.\u201d<\/p>\n<p class=\"paywall\">In July 2021, Stern explained to Mango that the social network is meant to be a commercial product. They said it would be a centralized, \u201ccode closed\u201d system\u2014much like Facebook, Twitter, and all other major social media platforms. The \u201cmain thing,\u201d Stern said, would be \u201ctrade.\u201d Communications and news could be added later.<\/p>\n<p class=\"paywall\">As with its crypto project, Conti has created designs of what a social network could look like; two designs were shared in July 2021 and they appear to use the same designer. Using the name Wild Kingdom, the mockups show a logged-in user who is looking at another person\u2019s profile page. 
An account\u2019s most recent activity, contact information, when they were last active, and an option to message them are visible. There\u2019s also space for advertisements. The social media mockups also fold in Conti\u2019s crypto interests; they show how much bitcoin an account has.<\/p>\n<p class=\"paywall\">\u201cEveryone will be there,\u201d Stern said in messages to Mango. \u201cReporters. Ordinary users. Buyers. There must be at least 1 million people on the social network.\u201d Getting carried away, Stern even proposed turning to gambling: \u201cMaybe we\u2019ll make a casino.\u201d<\/p>\n<p class=\"paywall\">Despite Conti spending money and development time on these side projects, neither of them seems to have launched. And it\u2019s likely they never will, says Kimberly Goody, director of cybercrime analysis at security firm Mandiant. \u201cI don&#x27;t think that some of those are achievable or realistically obtainable for them,\u201d Goody says. However, she adds, it does show Conti has \u201cbig aspirational goals as an organization.\u201d<\/p>\n<p class=\"paywall\">Conti, or at least its senior members, are contemplating their life beyond ransomware. \u201cThey&#x27;re not just individuals that are concerned about payouts,\u201d Kremez says. 
\u201cThey&#x27;re thinking about legacy, thinking about the long-term future.\u201d<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/conti-ransomware-crypto-payments\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/62328918b1a170ff09f499a3\/master\/pass\/security-conti-ransomware.jpg\"\/><\/p>\n<p><strong>Credit to Author: Matt Burgess| Date: Thu, 17 Mar 2022 11:00:00 +0000<\/strong><\/p>\n<p>Leaked files from cybercrime group Conti show it started building a crypto payment platform, a social network\u2014and even had plans for a casino.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714,21358],"class_list":["post-18528","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security","tag-security-cyberattacks-and-hacks"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18528","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18528"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18528\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18528"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.
palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18528"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}