Conti Inc.: understanding the internal discussions of a large ransomware-as-a-service operator with machine learning

IF 3.1 Q1 CRIMINOLOGY & PENOLOGY

Crime Science Pub Date : 2024-06-12 DOI:10.1186/s40163-024-00212-y

Estelle Ruellan, Masarah Paquet-Clouston, Sebastián Garcia

{"title":"Conti Inc.: understanding the internal discussions of a large ransomware-as-a-service operator with machine learning","authors":"Estelle Ruellan, Masarah Paquet-Clouston, Sebastián Garcia","doi":"10.1186/s40163-024-00212-y","DOIUrl":null,"url":null,"abstract":"Ransomware-as-a-service (RaaS) is increasing the scale and complexity of ransomware attacks. Understanding the internal operations behind RaaS has been a challenge due to the illegality of such activities. The recent chat leak of the Conti RaaS operator, one of the most infamous ransomware operators on the international scene, offers a key opportunity to better understand the inner workings of such organizations. This paper analyzes the main discussion topics in the Conti chat leak using machine learning techniques such as Natural Language Processing (NLP) and Latent Dirichlet Allocation (LDA), as well as visualization strategies. Five discussion topics are found: (1) Business, (2) Technical, (3) Internal tasking/Management, (4) Malware, and (5) Customer Service/Problem Solving. Moreover, the distribution of topics among Conti members shows that only 4% of individuals have specialized discussions while almost all individuals (96%) are all-rounders, meaning that their discussions revolve around the five topics. The results also indicate that a significant proportion of Conti discussions are non-tech related. This study thus highlights that running such large RaaS operations requires a workforce skilled beyond technical abilities, with individuals involved in various tasks, from management to customer service or problem solving. The discussion topics also show that the organization behind the Conti RaaS operator shares similarities with a large firm. We conclude that, although RaaS represents an example of specialization in the cybercrime industry, only a few members are specialized in one topic, while the rest runs and coordinates the RaaS operation.","PeriodicalId":37844,"journal":{"name":"Crime Science","volume":null,"pages":null},"PeriodicalIF":3.1000,"publicationDate":"2024-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Crime Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1186/s40163-024-00212-y","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"CRIMINOLOGY & PENOLOGY","Score":null,"Total":0}

引用次数: 0

Abstract

Ransomware-as-a-service (RaaS) is increasing the scale and complexity of ransomware attacks. Understanding the internal operations behind RaaS has been a challenge due to the illegality of such activities. The recent chat leak of the Conti RaaS operator, one of the most infamous ransomware operators on the international scene, offers a key opportunity to better understand the inner workings of such organizations. This paper analyzes the main discussion topics in the Conti chat leak using machine learning techniques such as Natural Language Processing (NLP) and Latent Dirichlet Allocation (LDA), as well as visualization strategies. Five discussion topics are found: (1) Business, (2) Technical, (3) Internal tasking/Management, (4) Malware, and (5) Customer Service/Problem Solving. Moreover, the distribution of topics among Conti members shows that only 4% of individuals have specialized discussions while almost all individuals (96%) are all-rounders, meaning that their discussions revolve around the five topics. The results also indicate that a significant proportion of Conti discussions are non-tech related. This study thus highlights that running such large RaaS operations requires a workforce skilled beyond technical abilities, with individuals involved in various tasks, from management to customer service or problem solving. The discussion topics also show that the organization behind the Conti RaaS operator shares similarities with a large firm. We conclude that, although RaaS represents an example of specialization in the cybercrime industry, only a few members are specialized in one topic, while the rest runs and coordinates the RaaS operation.

Abstract Image

查看原文本刊更多论文

康迪公司：利用机器学习了解大型勒索软件即服务运营商的内部讨论情况

勒索软件即服务（RaaS）正在扩大勒索软件攻击的规模和复杂性。由于此类活动的非法性，了解 RaaS 背后的内部运作一直是个挑战。最近，国际上最臭名昭著的勒索软件运营商之一 Conti RaaS 运营商的聊天记录泄露，为更好地了解此类组织的内部运作提供了一个重要机会。本文利用自然语言处理（NLP）和潜迪里希特分配（LDA）等机器学习技术以及可视化策略分析了 Conti 聊天记录泄露事件中的主要讨论主题。发现了五个讨论主题：(1) 业务；(2) 技术；(3) 内部任务/管理；(4) 恶意软件；(5) 客户服务/问题解决。此外，Conti 成员的话题分布显示，只有 4% 的人有专门的讨论，而几乎所有的人（96%）都是全能型的，这意味着他们的讨论围绕这五个话题展开。结果还表明，相当一部分 Conti 讨论与技术无关。因此，本研究强调，运营如此大型的 RaaS 业务需要一支技术能力之外的员工队伍，其中包括参与从管理到客户服务或解决问题等各种任务的人员。讨论主题还表明，康迪 RaaS 运营商背后的组织与大型公司有相似之处。我们的结论是，尽管 RaaS 是网络犯罪行业专业化的一个范例，但只有少数成员专门从事一个主题，而其他成员则负责运行和协调 RaaS 操作。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Crime Science Social Sciences-Cultural Studies

CiteScore

11.90

自引率

8.20%

发文量

审稿时长

13 weeks

期刊介绍： Crime Science is an international, interdisciplinary, peer-reviewed journal with an applied focus. The journal''s main focus is on research articles and systematic reviews that reflect the growing cooperation among a variety of fields, including environmental criminology, economics, engineering, geography, public health, psychology, statistics and urban planning, on improving the detection, prevention and understanding of crime and disorder. Crime Science will publish theoretical articles that are relevant to the field, for example, approaches that integrate theories from different disciplines. The goal of the journal is to broaden the scientific base for the understanding, analysis and control of crime and disorder. It is aimed at researchers, practitioners and policy-makers with an interest in crime reduction. It will also publish short contributions on timely topics including crime patterns, technological advances for detection and prevention, and analytical techniques, and on the crime reduction applications of research from a wide range of fields. Crime Science publishes research articles, systematic reviews, short contributions and theoretical articles. While Crime Science uses the APA reference style, the journal welcomes submissions using alternative reference styles on a case-by-case basis.

文献相关原料

公司名称	产品信息	采购帮参考价格