Cybersecurity Cloud & Data

Cyber loot: Conti RaaS reaped US$180 million in 2021 from ransom payments

The prolific RaaS (Ransomware-as-a-Service) group Conti, which has been bringing governments and businesses throughout the world to their knees with their RaaS model, have made a mountain of money as high as US$ 180 million last year, says an Akamai report.

In the Akamai Ransomware Threat Report APJ Deep Dive H1 2022, Akamai analysed a recent leak of documents from Conti to understand its modus operandi and to form a profile of the attack trends, tools, and tactics that led to its success.


Read more: The Rise of RaaS: With Conti attacking Costa Rica govt vulnerability is in the limelight


Akamai also found that business services was the top victimized industry in the Asia Pacific and Japan (APJ) region and the Conti group is targeting small and medium-sized businesses (SMBs) that can pay a ransom but don’t have access to strong cybersecurity technologies.

Akamai gathered the data for this report from Conti’s publicly reported attacks on their leak site. The worrying part is that the data does not represent all of Conti’s attempted attacks.

High Business Sector Attacks Concern for Affiliated Parties

Despite the fact that businesses were the top target of Conti in the APJ region, it ranked the third-highest globally to be attacked by Conti. According to Akamai, the Conti group’s heavy slant against North American and EMEA regions is the reason for lesser frequency of attacks in the APJ region.

Still, the higher number of attacks on business services in this region can be concerning because of the risk of supply chain cyberattacks. According to the report, cybercriminals can breach a third party, such as business services companies, to gain a foothold on high-value targets.

Akamai also found that business services was the top victimized industry in the Asia Pacific and Japan (APJ) region and the Conti group is targeting small and medium-sized businesses (SMBs) that can pay a ransom but don’t have access to strong cybersecurity technologies

For example, a Taiwanese company and supplier/contractor for a high-end automobile manufacturer, and a consumer electronics company, suffered Conti attacks in 2022. Despite 1,500 servers being encrypted, the attack reportedly impacted only noncritical systems. Here, third-party companies can introduce security risks to affiliated organizations.

The APJ region also indicates a considerably higher number of critical infrastructure attacks as compared with other regions. “Attacks on these verticals could have catastrophic, real-world implications,” says the report.

For example, one of the largest electricity providers in Australia was hit by a Conti ransomware attack in 2021. Although the attack did not disrupt their services, it could easily have.


Read more: ESET Research uncovers new cyberespionage group Worok targeting companies, govts in Asia


Retail and hospitality were the second most attacked verticals in APJ. This is not surprising since the commerce industry contains troves of confidential information, such as personal identifiable information (PII) and credit card numbers, making it a lucrative target.

SMBs Beware

The report highlights that more than 40% of victimized organizations make revenue up to US$50 million. This means the Conti group is targeting small and medium-sized businesses (SMBs) that are able to pay the ransom but do not have the same resources and cybersecurity technologies as larger enterprises.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda who also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard

Recent Posts

Disrupting Fintech: How product studios are transforming financial services

In the rapidly evolving financial technology landscape, innovative product studios are emerging as powerful catalysts…

2 days ago

Harnessing the power of AI: Preparing today’s workforce for tomorrow’s challenges

In an era defined by rapid technological advancement, Artificial Intelligence (AI) stands as a transformative…

2 days ago

Indian esports makes history at BRICS Esports Championship in Moscow

In a historic moment for Indian esports, Wasfi “YoshiKiller” Bilal secured a silver medal at…

3 days ago

Geek Appeal: New gadgets & apps on the block

The Tech Panda takes a look at recently launched gadgets & apps in the market.…

3 days ago

Ecosystem harkat: India’s Biotech & space tech, early stage tech startups & women entrepreneurs in blockchain

The Tech Panda takes a look at what’s buzzing in the startup ecosystem. The startup…

3 days ago

Harris vs. Trump: Forecasting Bitcoin’s Future in a Post-Election Economy

With just days until the outcome of the U.S. presidential race, Bitcoin enthusiasts across the…

4 days ago