Seems to be a lot of Conti-related analyses this week, as well as the $10 million reward offered by the government for information leading to Conti’s leaders. From Intel471:
Software developers often depend on the collective knowledge of the industry to build their products. Whether it’s through reverse engineering, poaching talent, or straight up cloning things, developers often lean on this collective knowledge to build operating systems, social media services, messaging applications or many other kinds of software.
Ransomware gangs are apparently no different. Thanks to the Conti Leaks, Intel 471 researchers found evidence that the Conti ransomware group kept a close eye on other ransomware groups and borrowed some of their techniques and best practices for its own operations. Additionally, Intel 471 also observed the Conti group’s affiliates and managers cooperating with other gangs, which included the LockBit, Maze and Ryuk teams.
From reworking encryption algorithms, to copying sections of ransom notes, to using developers that worked on several different kinds of ransomware, Intel 471 found that Conti’s operations were powered by information gleaned from competitors.
Read more at Intel471