Leaked documents show that the Conti ransomware group operates like a regular business, with employees, bonuses, performance reviews and even “employees of the month”. CNBC announced April 13.
A series of leaked documents released on February 28 revealed the internal structures of Conti, a Russian-affiliated group identified by the FBI as one of the most prolific ransomware groups of 2021.
Here’s what the docs say:
- Conti has clear management, finance and human resources functions, as well as a classic organizational hierarchy with team leaders who report to senior management.
- Conti has physical offices in Russia and may have ties to the Russian government.
- The group has employees, some of whom are paid in bitcoin.
- Traders receive a commission on ransoms ranging from 0.5% to 1%.
- Conti has an employee referral system, in which bonuses are given to employees who recruit others who have worked for at least a month.
- An employee of the month earns a bonus equal to half of his salary.
- Conti hires the services of Russian headhunters and criminal underground.
- Some employees may not know they work for a cybercriminal group because Conti tells applicants they are an advertising group.
The Russian government has denied participating in cyberattacks.
