Ransomware group operates like regular company, with HR department, 'employee of the month'

Leaked documents show that ransomware group Conti operates like a regular company, with salaried workers, bonuses, performance reviews and even "employees of the month," CNBC reported April 13.

A series of leaked documents published Feb. 28 has revealed the internal structures of Conti, a Russian-affiliated group identified by the FBI as one of the most prolific ransomware groups of 2021. 

Here's what the documents say:

  • Conti has clear management, finance and human resource functions, along with a classic organizational hierarchy with team leaders that report to upper management.

  • Conti has physical offices in Russia, and may have ties to the Russian government.

  • The group has salary workers, some of which are paid in bitcoin.
     
  • Negotiators receive commission from ransomes ranging from 0.5 percent to 1 percent.
     
  • Conti has an employee referral system, in which bonuses are given to employees who've recruited others who worked for at least a month.

  • An employee of the month earns a bonus equal to half their salary.

  • Conti hires from Russian headhunting services, and the criminal underground.
     
  • Some employees may not know that they are working for a cybercriminal group, as Conti tells candidates that they are an advertising group. 

The Russian government has denied that it takes part in cyberattacks.

Copyright © 2025 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


You can unsubscribe from these communications at any time. For more information, please review our Privacy Policy
.
 

Articles We Think You'll Like