Cybersecurity Cloud & Data

Cyber loot: Conti RaaS reaped US$180 million in 2021 from ransom payments

The prolific RaaS (Ransomware-as-a-Service) group Conti, which has been bringing governments and businesses throughout the world to their knees with their RaaS model, have made a mountain of money as high as US$ 180 million last year, says an Akamai report.

In the Akamai Ransomware Threat Report APJ Deep Dive H1 2022, Akamai analysed a recent leak of documents from Conti to understand its modus operandi and to form a profile of the attack trends, tools, and tactics that led to its success.


Read more: The Rise of RaaS: With Conti attacking Costa Rica govt vulnerability is in the limelight


Akamai also found that business services was the top victimized industry in the Asia Pacific and Japan (APJ) region and the Conti group is targeting small and medium-sized businesses (SMBs) that can pay a ransom but don’t have access to strong cybersecurity technologies.

Akamai gathered the data for this report from Conti’s publicly reported attacks on their leak site. The worrying part is that the data does not represent all of Conti’s attempted attacks.

High Business Sector Attacks Concern for Affiliated Parties

Despite the fact that businesses were the top target of Conti in the APJ region, it ranked the third-highest globally to be attacked by Conti. According to Akamai, the Conti group’s heavy slant against North American and EMEA regions is the reason for lesser frequency of attacks in the APJ region.

Still, the higher number of attacks on business services in this region can be concerning because of the risk of supply chain cyberattacks. According to the report, cybercriminals can breach a third party, such as business services companies, to gain a foothold on high-value targets.

Akamai also found that business services was the top victimized industry in the Asia Pacific and Japan (APJ) region and the Conti group is targeting small and medium-sized businesses (SMBs) that can pay a ransom but don’t have access to strong cybersecurity technologies

For example, a Taiwanese company and supplier/contractor for a high-end automobile manufacturer, and a consumer electronics company, suffered Conti attacks in 2022. Despite 1,500 servers being encrypted, the attack reportedly impacted only noncritical systems. Here, third-party companies can introduce security risks to affiliated organizations.

The APJ region also indicates a considerably higher number of critical infrastructure attacks as compared with other regions. “Attacks on these verticals could have catastrophic, real-world implications,” says the report.

For example, one of the largest electricity providers in Australia was hit by a Conti ransomware attack in 2021. Although the attack did not disrupt their services, it could easily have.


Read more: ESET Research uncovers new cyberespionage group Worok targeting companies, govts in Asia


Retail and hospitality were the second most attacked verticals in APJ. This is not surprising since the commerce industry contains troves of confidential information, such as personal identifiable information (PII) and credit card numbers, making it a lucrative target.

SMBs Beware

The report highlights that more than 40% of victimized organizations make revenue up to US$50 million. This means the Conti group is targeting small and medium-sized businesses (SMBs) that are able to pay the ransom but do not have the same resources and cybersecurity technologies as larger enterprises.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda who also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard

Recent Posts

Is AI Hitting a Plateau? The Scaling Debate OpenAI Prefers to Avoid

I think OpenAI is not being honest about the diminishing returns of scaling AI with…

6 hours ago

PayalGaming becomes India’s first female gamer to win an international award

S8UL Esports, the Indian esports and gaming content organisation, won the ‘Mobile Organisation of the…

14 hours ago

Funding alert: Tech startups that raked in moolah this month

The Tech Panda takes a look at recent funding events in the tech ecosystem, seeking…

2 days ago

Colgate launches AI-powered personalized dental screenings

Colgate-Palmolive (India) Limited, the oral care brand, launched its Oral Health Movement. The AI-enabled initiative…

2 days ago

The role of ASR in voice bots: Revolutionizing customer interaction through real-time recognition

This fast-paced business world belongs to the forward thinking organisations that prioritise innovation and fully…

2 days ago

Disrupting Fintech: How product studios are transforming financial services

In the rapidly evolving financial technology landscape, innovative product studios are emerging as powerful catalysts…

1 week ago