The Conti ransomware gang has been thriving days after a Ukrainian security researcher dubbed "ContiLeaks" exposed the Russia-based ransomware group's internal chats on February 27, reports CyberScoop.
"Conti is back and still operational and will pursue more targets. They're safe and sound," said AdvIntel CEO Vitali Kremez, who said that Conti was able to perform successful data breaches at two US-based firms by Monday.
Experts also noted that Conti, which was not completely disabled during the incident, took the first few days after the leaks to move its infrastructure to new systems.
While the leaks have prompted reduced activity from Conti, it remains uncertain whether the group was totally inactive, and the past few days have seen a return of botnet and command-and-control activity, said Recorded Future threat analyst Allan Liska.
Returning from significant disruptions is not uncommon among ransomware groups, according to Sophos Senior Security Adviser John Shier.
"Whenever one of these groups gets disrupted, the temptation is to celebrate a little bit, but there's always going to be that okay, well, what's next? Where are they going to pop up next, under what kind of new model potentially are they going to pop up? Because these groups can be fairly resilient," Shier said.