The dark web leak site used by the notorious Conti ransomware gang has disappeared, along with the chat function it used to negotiate ransoms with victims. For as long as this infrastructure is down, the group is unable to operate and a significant threat is removed from the pantheon of ransomware threats.
The Conti leak site is down (June 22, 2022)
Ransomware gangs like Conti use the threat of leaking stolen data on their dark web sites to extort enormous ransoms from their victims, making the sites a vital cog in the ransomware machine.
While the cause of the site’s disappearance isn’t known for sure, and criminal dark web sites are notoriously flaky, there is good reason to suspect that Conti has gone permanently.
However, while anything that stops Conti from terrorising businesses, schools, and hospitals is welcome, the disappearance of its leak site is unlikely to make potential ransomware victims any safer, sadly.
As we explained in our May ransomware review, recent research by AdvIntel suggests that Conti has spent the last few months executing a bizarre plan to fake its own death. If that is what’s happened, then the gang’s members have simply dispersed to other ransomware “brands” that are either operated by the Conti gang or affiliated to it.
Conti—as bad as they come
The gang behind Conti ransomware (called WizardSpider, although rarely referred to by that name) is believed to be based in Russia, and first appeared in 2020. The FBI recently called it “the