<— Back

CONTI Leaks: Behind the curtain of ransomware operations

Conti Leaks – a dump of internal Conti ransomware gang conversations from the last two years offers an unprecedented insight into the inner workings of a multimillion-dollar cybercrime organization. In our talk, we first describe our approach to analyzing this massive data leak. Next, we will share insights into the operational side of the gang, such as organizational structure, HR, and nuances of offline and online collaboration. Finally, we will focus on Conti negotiation team’s conversations and talk about the business side of ransomware operation, such as their processes in defining extortion demands and techniques for negotiation with victims.

Michael Abramzon

Michael Abramzon is a Technology Leader and a former Team Leader in the Threat Intelligence group of Check Point Research. For the last seven years, Michael has been involved in various research fields, from analyzing large-scale campaigns and APT groups, to developing open-source tools such as Vba2Graph.

Sergey Shykevich

Sergey leads the Threat Intelligence Group of Check Point, which monitors, analyzes and researches cyber threats around the world.

Prior to joining Check Point, Sergey led cyber threat intelligence and cyber defense teams in the elite Unit 8200 of the Israeli Intelligence Forces. More recently, Sergey led the threat intelligence and the research in Q6 Cyber, US based cybercrime intelligence company.

Sergey is a frequent speaker on different industry conferences, including DCC, Underground Economy,  BSides, FraudCON, etc.