Leaked documents show that ransomware group Conti operates like a regular company, with salaried workers, bonuses, performance reviews and even "employees of the month," CNBC reported April 13.
A series of leaked documents published Feb. 28 has revealed the internal structures of Conti, a Russian-affiliated group identified by the FBI as one of the most prolific ransomware groups of 2021.
Here's what the documents say:
- Conti has clear management, finance and human resource functions, along with a classic organizational hierarchy with team leaders that report to upper management.
- Conti has physical offices in Russia, and may have ties to the Russian government.
- The group has salary workers, some of which are paid in bitcoin.
- Negotiators receive commission from ransomes ranging from 0.5 percent to 1 percent.
- Conti has an employee referral system, in which bonuses are given to employees who've recruited others who worked for at least a month.
- An employee of the month earns a bonus equal to half their salary.
- Conti hires from Russian headhunting services, and the criminal underground.
- Some employees may not know that they are working for a cybercriminal group, as Conti tells candidates that they are an advertising group.
The Russian government has denied that it takes part in cyberattacks.