{"id":47588,"date":"2022-07-19T19:24:43","date_gmt":"2022-07-19T19:24:43","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/breakup-conti-ransomware-members-dangerous"},"modified":"2022-07-19T19:24:43","modified_gmt":"2022-07-19T19:24:43","slug":"post-breakup-conti-ransomware-members-remain-dangerous","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/","title":{"rendered":"Post-Breakup, Conti Ransomware Members Remain Dangerous"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltf573d0ca5a8afc3d\/62d6f4df50a6350f0ac43faf\/conti_JLStock_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Two months after the infamous Conti ransomware gang ceased operations, several of its members remain as active as ever either as part of other ransomware groups or as independent contractors focused on data theft, initial network access, and other criminal endeavors.<\/p>\n<p>Separately, they remain as dangerous to organizations as they used to be as members of a single gang, according to Intel 471. Its researchers have been tracking Conti actors as they have moved in different directions since the group dissolved in May.&nbsp;<\/p>\n<p>The cessation of operations appears to be a bid by the group&#8217;s operators to distance themselves from the brand more than anything else. 
In a new report, the threat intelligence firm speculates that once law-enforcement attention around the Conti group wanes, it&#8217;s likely that its now-scattered members will <a href=\"https:\/\/intel471.com\/blog\/conti-break-up-contileaks-july-2022\" target=\"_blank\" rel=\"noopener\">regroup and form another criminal organization<\/a> similar in structure to the original.<\/p>\n<p>&#8220;In order to defend their enterprises, security practitioners need to understand how cybercriminals organize their operations,&#8221; says Brad Crompton, director of intelligence for Intel 471&#8217;s shared services group. &#8220;Even though Conti is defunct, former operators are still using similar [tactics, techniques, and procedures], which means security teams can still use their prior strategies in stopping similar attacks rather than ignoring them altogether in light of Conti&#8217;s demise.&#8221; <\/p>\n<h2 class=\"regular-text\">Most-Destructive Ransomware Group<\/h2>\n<p>The Conti group is widely regarded within the security industry as one of the most destructive ransomware operations of all time. The predominantly Russia-based group first surfaced in 2020, and has used a variety of tactics to break into victim networks&nbsp;\u2014 including via spear-phishing campaigns, stolen Remote Desktop Protocol credentials, software vulnerabilities, and poisoned software.<\/p>\n<p>The FBI estimated that by January, the gang had collected some $150 million in ransom payouts from more than 1,000 victims worldwide\u2014including more than 400 in the US. The scale of its destruction prompted the US State Department in May to announce a <a href=\"https:\/\/www.state.gov\/reward-offers-for-information-to-bring-conti-ransomware-variant-co-conspirators-to-justice\/\" target=\"_blank\" rel=\"noopener\">$10 million reward<\/a> for information leading to the identification and\/or location of key individuals of the gang. 
The State Department offered another $5 million for information leading to the arrest and conviction of individuals participating in attacks involving Conti ransomware incidents. <\/p>\n<h2 class=\"regular-text\">Leaking a Window into Conti&#8217;s Operations<\/h2>\n<p>In May, a Ukrainian member of the gang <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/what-the-conti-ransomware-group-data-leak-tells-us\" target=\"_blank\" rel=\"noopener\">publicly released a big trove of Conti&#8217;s internal conversations<\/a> after the Conti team officially announced its support for the Russian government&#8217;s invasion of Ukraine. Information from that leak, and another <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/translated-ransomware-playbook-gives-insight-into-gang-operations\" target=\"_blank\" rel=\"noopener\">previous leak in September 2021<\/a>, showed the Conti ransomware operation <a href=\"https:\/\/www.trellix.com\/en-au\/about\/newsroom\/stories\/threat-labs\/conti-leaks-examining-the-panama-papers-of-ransomware.html\" target=\"_blank\" rel=\"noopener\">was structured along the lines of a formal business<\/a>, complete with a physical office, scheduled working hours, managers at various tiers, and separate departments for HR, coding, training, testing, intelligence gathering, and other functions.&nbsp;<\/p>\n<p>The FBI, the National Security Agency (NSA),&nbsp;and the US Cybersecurity and Infrastructure Security Agency (CISA) <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/cisa-fbi-nsa-warn-of-increase-in-conti-ransomware-attacks\" target=\"_blank\" rel=\"noopener\">earlier assessed that Conti&#8217;s developers used a ransomware-as-a-service model<\/a> to distribute their malware. 
But instead of taking a cut of the ransom from affiliates \u2014 as is usually the case with ransomware-as-a-service \u2014 Conti&#8217;s developers paid attackers a flat fee for deploying their malware on victims&#8217; networks.<\/p>\n<p>Significantly, the leaks also appeared to confirm widely held suspicions about a link between Conti&#8217;s developers and Russia&#8217;s Federal Security Service (FSB).<\/p>\n<h2 class=\"regular-text\">Rebrand &amp; Regroup?<\/h2>\n<p>In mid-May, Conti&#8217;s developers seemingly abruptly began shutting down infrastructure \u2014 such as admin panels, servers, proxy hosts, chatrooms, and a negotiations service site \u2014 likely in response to the high level of attention the group had managed to attract from law enforcement and media. A few weeks later, it also shut down a site it had used to name-and-shame victims that refused to pay a ransom.&nbsp;<\/p>\n<p>One analysis by AdvIntel at the time concluded that the group&#8217;s main actors had already put in place <a href=\"https:\/\/www.advintel.io\/post\/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape\" target=\"_blank\" rel=\"noopener\">plans to continue the operation under various guises<\/a> a few months before its official shutdown.<\/p>\n<p>The Black Basta ransomware gang, which started operations in April, one month before Conti&#8217;s official exit from the ransomware scene, appears to be one such operation. Intel 471 said its analysis of the group&#8217;s activities shows that Black Basta&#8217;s infrastructure \u2014 such as its payment and data leak sites, recovery portals, and communication and negotiation methods \u2014 overlaps with Conti&#8217;s operations. <\/p>\n<p>Intel 471 has also identified two other ransomware operations \u2014 BlackByte and Karakurt \u2014 that have similar, significant overlaps with Conti and in fact may simply be rebranded Conti operations. 
In addition, some Conti affiliates and managers have forged alliances with other ransomware teams, including Ryuk, Maze, <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/without-conti-on-the-scene-ransomware-attacks-fell-in-may\" target=\"_blank\" rel=\"noopener\">LockBit 2.0<\/a>, BlackCat, Hive, and HelloKitty. According to&nbsp;Intel 471, it is also possible that other actors could use leaked Conti source code to develop their own ransomware and decryption tools.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/breakup-conti-ransomware-members-dangerous\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The gang&#8217;s members have moved into different criminal activities, and could regroup once law-enforcement attention has simmered down a bit, researchers say. Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/breakup-conti-ransomware-members-dangerous\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-47588","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Post-Breakup, Conti Ransomware Members Remain Dangerous 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Post-Breakup, Conti Ransomware Members Remain Dangerous 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-19T19:24:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltf573d0ca5a8afc3d\/62d6f4df50a6350f0ac43faf\/conti_JLStock_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Post-Breakup, Conti Ransomware Members Remain Dangerous\",\"datePublished\":\"2022-07-19T19:24:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/\"},\"wordCount\":785,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltf573d0ca5a8afc3d\\\/62d6f4df50a6350f0ac43faf\\\/conti_JLStock_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/\",\"name\":\"Post-Breakup, Conti Ransomware Members Remain Dangerous 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltf573d0ca5a8afc3d\\\/62d6f4df50a6350f0ac43faf\\\/conti_JLStock_shutterstock.jpg\",\"datePublished\":\"2022-07-19T19:24:43+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltf573d0ca5a8afc3d\\\/62d6f4df50a6350f0ac43faf\\\/conti_JLStock_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltf573d0ca5a8afc3d\\\/62d6f4df50a6350f0ac43faf\\\/conti_JLStock_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/post-breakup-conti-ransomware-members-remain-dangerous\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\
"name\":\"Post-Breakup, Conti Ransomware Members Remain Dangerous\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\"
,\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Post-Breakup, Conti Ransomware Members Remain Dangerous 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/","og_locale":"en_US","og_type":"article","og_title":"Post-Breakup, Conti Ransomware Members Remain Dangerous 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-07-19T19:24:43+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltf573d0ca5a8afc3d\/62d6f4df50a6350f0ac43faf\/conti_JLStock_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Post-Breakup, Conti Ransomware Members Remain Dangerous","datePublished":"2022-07-19T19:24:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/"},"wordCount":785,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltf573d0ca5a8afc3d\/62d6f4df50a6350f0ac43faf\/conti_JLStock_shutterstock.jpg","articleSection":["DarkReading 
|TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/","url":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/","name":"Post-Breakup, Conti Ransomware Members Remain Dangerous 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltf573d0ca5a8afc3d\/62d6f4df50a6350f0ac43faf\/conti_JLStock_shutterstock.jpg","datePublished":"2022-07-19T19:24:43+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltf573d0ca5a8afc3d\/62d6f4df50a6350f0ac43faf\/conti_JLStock_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltf573d0ca5a8afc3d\/62d6f4df50a6350f0ac43faf\/conti_JLStock_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/post-breakup-conti-ransomware-members-remain-dangerous\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Post-Breakup, Conti Ransomware Members Remain Dangerous"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services 
-Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=47588"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47588\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=47588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=47588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=47588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}