Ransomware, Threat Management

TrickBot operation usurped by Conti ransomware

BleepingComputer reports that the Conti ransomware gang has already taken over the TrickBot malware operation. AdvIntel researchers noted that while TrickBot had the Ryuk ransomware group as its partner for achieving initial network access, only Conti has been given the malware's high-quality network access supply last year, when the stealthier BazarBackdoor had already been developed by TrickBot developers as a means to better evade detection. However, Conti has effectively made TrickBot its subsidiary after it had hired its developers and managers by the end of 2021, enabling it to control the development of BazarBackdoor, which has now become its primary initial access tool, according to researchers. "After being “acquired” by Conti, [TrickBot leaders] are now rich in prospects with secure ground beneath them, and Conti will always find a way to make use of the available talent," said AdvIntel. Researchers also noted that despite the takeover, TrickBot will continue its operations against high-value targets.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.