Money over Morals: A Business Analysis of Conti Ransomware

Ian W. Gray, Jack Cable, Benjamin Brown, Vlad Cuiujuclu, Damon McCoy

    Research output: Chapter in Book/Report/Conference proceedingConference contribution


    Ransomware operations have evolved from relatively unsophisticated threat actors into highly coordinated cybercrime syndicates that regularly extort millions of dollars in a single attack. Despite dominating headlines and crippling businesses across the globe, there is relatively little in-depth research into the modern structure and economics of ransomware operations.In this paper, we leverage leaked chat messages to provide an in-depth empirical analysis of Conti, one of the largest ransomware groups. By analyzing these chat messages, we construct a picture of Conti's operations as a highly-profitable business, from profit structures to employee recruitment and roles. We present novel methodologies to trace ransom payments, identifying over $80 million in likely ransom payments to Conti and its predecessor - over five times as much as in previous public datasets. As part of our work, we will publish a dataset of 666 labeled Bitcoin addresses related to Conti and an additional 75 Bitcoin addresses of likely ransom payments. Future work can leverage this case study to more effectively trace - and ultimately counteract - ransomware activity.

    Original languageEnglish (US)
    Title of host publicationProceedings of the 2022 APWG Symposium on Electronic Crime Research, eCrime 2022
    PublisherIEEE Computer Society
    ISBN (Electronic)9798350301694
    StatePublished - 2022
    Event2022 APWG Symposium on Electronic Crime Research, eCrime 2022 - Virtual, Online, United States
    Duration: Nov 30 2022Dec 2 2022

    Publication series

    NameeCrime Researchers Summit, eCrime
    ISSN (Print)2159-1237
    ISSN (Electronic)2159-1245


    Conference2022 APWG Symposium on Electronic Crime Research, eCrime 2022
    Country/TerritoryUnited States
    CityVirtual, Online


    • Conti
    • Ransomware
    • cybercrime

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Computer Science Applications
    • Information Systems
    • Information Systems and Management


    Dive into the research topics of 'Money over Morals: A Business Analysis of Conti Ransomware'. Together they form a unique fingerprint.

    Cite this