The interest in cryptocurrency platforms is all about moving money, Holden says. “My explanation is that these guys want to control and be able to launder money,” he explains. “If they are able to launder the money, for example, they can move stolen proceeds into their own platform, they can hide or otherwise obfuscate their money trail.”
The vast majority of ransomware payments are made using cryptocurrencies. Blockchain tracking firm Chainalysis identified more than $600 million in crypto ransomware payments in both 2020 and 2021—Conti was the most prolific group. However, law enforcement bodies and investigators are becoming more adept at following ransomware payments on the blockchain and identifying individuals involved in the ransomware gangs.
By creating its own system, Conti could potentially help members avoid the attention of law enforcement. “They want to exercise more autonomy over their finances,” says Vitali Kremez, the CEO of security company AdvIntel. Creating any blockchain-based system, Kremez says , would potentially give Conti the “freedom to cash out and make their ransomware payouts easier than relying on any public crypto ledger.” Kremez says a cybercrime gang creating its own payment system wouldn’t be totally unheard-of and fits with “previous philosophies .”
While a crypto platform may make some sense for the day-to-day running of Conti, its efforts to create a social network appear to lack a clear direction. Several high-profile Conti members have been involved in conversations about the development. These include Stern and Mango, a Conti general manager who reports directly to the boss and makes sure Conti’s members get paid.
“We make a social network primarily for ourselves and the community,” Mango explained to Conti member Ghost, after they had discussed it with Stern. Mango said it could be like Russia’s biggest social media website, VKontakte (aka VK), but with a twist: It would be for the “darknet.”
In July 2021, Stern explained to Mango that the social network is meant to be a commercial product. They said it would be a centralized, “code closed” system—much like Facebook, Twitter, and all other major social media platforms. The “ The main thing,” Stern said, would be “trade.” Communications and news could be added later.
As with its crypto project, Conti has created designs of what a social network could look like; two designs were shared in July 2021 and they appear to use the same designer. Using the name Wild Kingdom, the mockups show a logged-in user who is looking at another person’s profile page. An account’s most recent activity, contact information, when they were last active, and an option to message them are visible. There’s also space for advertisements. The social media mockups also fold in Conti’s crypto interests; they show how much bitcoin an account has.
“Everyone will be there,” Stern said in messages to Mango. “Reporters. Ordinary users. Buyers. There must be at least 1 million people on the social network.” Getting carried away, Stern even proposed turning to gambling: “Maybe we ‘ll make a casino.”
Despite Conti spending money and development time on these side projects, neither of them seem to have launched. And it’s likely they never will, says Kimberly Goody, director of cybercrime analysis at security firm Mandiant. “I don’t think that some of those are achievable or realistically obtainable for them,” Goody says. However, she adds, it does show Conti has “big aspirational goals as an organization.”
Conti, or at least its senior members, are contemplating their life beyond ransomware. “They’re not just individuals that are concerned about payouts,” Kremez says. “They’re thinking about legacy, thinking about the long-term future.”
More Great WIRED Stories