Ransomware Group operates like a regular business, with HR department ‘Employee of the Month’


Leaked documents show that the Conti ransomware group operates like a regular business, with employees, bonuses, performance reviews and even “employees of the month”. CNBC announced April 13.

A series of leaked documents released on February 28 revealed the internal structures of Conti, a Russian-affiliated group identified by the FBI as one of the most prolific ransomware groups of 2021.

Here’s what the docs say:

  • Conti has clear management, finance and human resources functions, as well as a classic organizational hierarchy with team leaders who report to senior management.
  • Conti has physical offices in Russia and may have ties to the Russian government.
  • The group has employees, some of whom are paid in bitcoin.
  • Traders receive a commission on ransoms ranging from 0.5% to 1%.
  • Conti has an employee referral system, in which bonuses are given to employees who recruit others who have worked for at least a month.
  • An employee of the month earns a bonus equal to half of his salary.
  • Conti hires the services of Russian headhunters and criminal underground.
  • Some employees may not know they work for a cybercriminal group because Conti tells applicants they are an advertising group.

The Russian government has denied participating in cyberattacks.


Comments are closed.