Prodaft security researchers have applied the risk to the recovery servers used by Conti Ransomware-as-a-Service (RaaS), which allowed them to gain an understanding of the ransomware’s internal functionality.
The error also allowed the researchers to detect the actual IP addresses of a hidden service host on the recovery website, including 20 IPs linked to Conti servers, as well as two Tor access nodes used by the recovery service, all reported to authorities.
In addition, Prodaft detected contact sessions with victims that allowed them to identify the accounts used when collecting victims’ data, including linking IP addresses and rented software. The investigation also revealed the use of the same Bitcoin address for multiple victims ’wallets.
Read More: Securityweek
For more such updates follow us on Google News ITsecuritywire News
