Recent leaks of the Conti ransomware gang
's malware source code, credentials, chat logs, and operational workflows after it had expressed support for Russia's invasion of Ukraine has not hindered its activity, with more than 70 victims added to the ransomware group's leak site last month, exceeding the average monthly victim count of 43 last year, SecurityWeek
Secureworks researchers found that Conti, which it tracks as Gold Ulrick, may have targeted more than 100 organizations in March after the ransomware gang claimed that half of their victims pay ransoms averaging $700,000. Moreover, over 30 new victims have been added to the website of Conti this month, including cookware distributor Meyer Corporation, industrial components provider Parker Hannifin, and wind turbine manufacturer Nordex.
"If GOLD ULRICK operations continue at that pace, the group will continue to pose one of the most significant cybercrime threats to organizations globally," said SecureWorks.
Meanwhile, a separate report from Intel 471 noted that Emotet has been leveraged by Conti to determine future targets.
"While not every instance of Emotet means that a ransomware attack is imminent, our research shows that there is a heightened chance of an attack if Emotet is spotted on organizations' systems," said Intel 471.