In the wake of Russia’s invasion of Ukraine, several Western law enforcement agencies imposed tighter sanctions on Russian ransomware platforms.
To strengthen their anonymity through alterations in on-chain behavior, two major ransomware syndicates, LockBit and Conti, restructured their activities.
Through TRM’s on-chain analysis, open source reporting, and proprietary information, the intelligence firm discovered that Conti ceased its original operation and restructured into three smaller groups named Black Basta, BlackByte, and Karakut. Before the diversification, Karakut was a side project run by Conti operators.
LockBit, on the other hand, rebranded its operations since Ukraine’s invasion last February. Four months later, the syndicate launched LockBit 3.0, which it projected as apolitical and focused on monetary gain.
All Comments