Ransomware has become a multi-billion dollar industry, and roughly 15% of its business is done through a single group called Wizard Spider. This group, believed to work closely with the Russian government and continue to be investigated by the FBI and Interpol, has used the Conti ransomware strain in more than 400 known attacks. While the media refer to the group as the “Conti Ransomware Gang”, the group does not see itself as a gang. The group is seen more as a company.
Business is booming
As they get bigger and more profitable, criminal groups like Wizard Spider often emulate legitimate business practices. Victim organizations are renamed “customers”, blackmail attempts become “negotiations” and criminal colleagues are referred to as “partners”. Their special site on the dark web even contains a collection of “press releases”.
The group’s “business model” includes training independent partners in the deployment of the ransomware and then reducing the …