Ransomware group operates like regular company, with HR department, 'employee of the month'

Leaked documents show that ransomware group Conti operates like a regular company, with salaried workers, bonuses, performance reviews and even "employees of the month," CNBC reported April 13.

A series of leaked documents published Feb. 28 has revealed the internal structures of Conti, a Russian-affiliated group identified by the FBI as one of the most prolific ransomware groups of 2021. 

Here's what the documents say:

  • Conti has clear management, finance and human resource functions, along with a classic organizational hierarchy with team leaders that report to upper management.

  • Conti has physical offices in Russia, and may have ties to the Russian government.

  • The group has salary workers, some of which are paid in bitcoin.
  • Negotiators receive commission from ransomes ranging from 0.5 percent to 1 percent.
  • Conti has an employee referral system, in which bonuses are given to employees who've recruited others who worked for at least a month.

  • An employee of the month earns a bonus equal to half their salary.

  • Conti hires from Russian headhunting services, and the criminal underground.
  • Some employees may not know that they are working for a cybercriminal group, as Conti tells candidates that they are an advertising group. 

The Russian government has denied that it takes part in cyberattacks.

Copyright © 2023 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars