If you thought ransomware groups were small and unsophisticated in their operations, you were wrong. What the Conti ransomware leak taught us is exactly the opposite: they are a highly structured and differentiated organization, not unlike a legitimate business. Brian Krebs had a great article on this:
"The Conti group’s chats reveal a great deal about its internal structure and hierarchy. Conti maintains many of the same business units as a legitimate, small- to medium-sized enterprise, including a Human Resources department that is in charge of constantly interviewing potential new hires.
Other Conti departments with their own distinct budgets, staff schedules, and senior leadership include:
– Coders: Programmers hired to write malicious code, integrate disparate technologies
– Testers: Workers in charge of testing Conti malware against security tools and obfuscating it
– Administrators: Workers tasked with setting up, tearing down servers, other attack infrastructure
– Reverse Engineers: Those who can disassemble computer code, study it, find vulnerabilities or weaknesses
– Penetration Testers/Hackers: Those on the front lines battling against corporate security teams to steal data and plant ransomware."
Highly recommended read.