The Rise and Fall of Conti with Geoff White | 37

As AI begins to outpace the defenders tasked with containing it, what happens when the very tools we build to protect us become the most sophisticated threat we've ever faced? In this episode, Ciaran and James speak with Chris Cochran, Field CISO and Vice President of AI Security at SANS Institute, to discuss AI and cyber defense. Chris shares his perspective on the rise of AI-driven attacks, why community matters for security leaders under pressure, and what it will take to keep AI safe. 

Highlights:

Geoff White background and reporting

A selection of Geoff’s work

• Rinsed | The Lazarus Heist | Crime Dot Com
• BBC Cyber Hack, The Lazarus Heist
• Geoff White

The Making of Conti

How Conti emerged from earlier Russian cybercrime networks to become one of the most disruptive ransomware operations of its time.

• Dangerous new Zeus malware fools anti-virus | 'Dyre' malware re-surfaces as 'TrickBot', targets Australian banks
• Russian Evgeniy Bogachev sought over cybercrime botnet | FBI Most Wanted: Evgeniy Bogachev
• Leaked documents show notorious ransomware group has an HR department, performance reviews and an 'employee of the month'
• The rise and fall of the Conti ransomware group | Global Initiative
• Conti Ransomware | CISA
• Reward for Information: Owners/Operators/Affiliates of the Conti Ransomware as a Service (RaaS)

High-profile attacks

Some of Conti’s most notorious attacks and the real-world consequences

• Graff: Jewellery firm Graff suffers ransomware attack, hackers begin leaking client details
• Conti apologizes for leaking Saudi royalty data, pledges a westward focus
• Russian cyber hackers who carried out 'virtual heist' on jewellers Graff make grovelling apology
• Graff paid a $7.5M ransom and sued its insurance firm for refusing to cover this payment
• Redcar and Cleveland: Redcar and Cleveland ransomware: Inside a council under cyber-attack
• A hostage to fortune: ransomware and UK national security
• HSE: HSE cyber attack: Govt says risk data will be abused
• Comment by Press Secretary of the Russian Embassy in Ireland on the Cyber Attack on the healthcare system of Ireland "Health Service Executive" (HSE) on May 14, 2021
• Irish cyber-attack: Hackers bail out Irish health service for free
• Cyber attacks more advanced five years on from HSE breach
• Costa Rica: President Rodrigo Chaves says Costa Rica is at war with Conti hackers
• Conti's Attack Against Costa Rica Sparks a New Ransomware Era
• A massive cyberattack in Costa Rica leaves citizens hurting
• Costa Rica ransomware attack (2022) - International cyber law: interactive toolkit

Conti’s collapse

How Conti fractured and the legacy it left behind

• Conti ransomware group announces support of Russia, threatens retaliatory attacks | CyberScoop
• Conti ransomware gang chats leaked by pro-Ukraine member | conti leaks (@ContiLeaks) / Posts / X
• The Trickbot/Conti Crypters: Where Are They Now? | IBM
• BlackBasta Ransomware Brand Picks Up Where Conti Left Off
• Conti's Legacy: What's Become of Ransomware's Most Wanted?
• Vitaly Nikolayevich Kovalev | Ransomware criminals sanctioned in joint UK/US crackdown on international cyber crime
• Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin

Additional resources

Ransom War | Max Smeets 

Russian Cybercrime Rule No. 1: Don't Hack Russians  

M&S cyber attack: What we know about it and its impact | Co-op says cyber-attack cost it £206m in lost sales | Jaguar Land Rover posts heavy loss after cyber-attack 

Subscribe & Follow:

• Subscribe to the podcast on Apple Podcasts, Spotify, or your favorite podcast platform.
• Follow us on X, Facebook, and LinkedIn for updates.

Contact:

• Have questions or comments? Email us at cyberleadersnetwork@sans.org