Relationships Matter: Reconstructing the Organizational and Social Structure of a Ransomware Gang

We report on the use of classic economic, complex systems, and organization theories applied to the organizational and social dynamics within the ransomware group, Conti (a profitable Russian cybercriminal organization). By analyzing the extensive chat logs leaked from the group, we illuminate the extent to which “organized” cybercrime is truly organized and how the group’s structure contributes to its resilience. We implemented three distinct analytical approaches, and integrated these to provide new insights into the resilience of this most profitable of ransomware groups. Manatova (a native speaker of Russian) applied discourse analysis of conversations to identify roles, relationships, and operational processes within the group. A social graph maps the group’s membership structure and the evolution of such relationships over time. Our results include an empirical showing how a group exhibits a hierarchical organizational pattern based on workflow, mentorship, and friendship relationships among members.

We provide attendees insights into the complex interplay of actors and their roles within the group’s cybercriminal activities, ultimately informing strategies to target and disrupt similar clandestine organizations.

By:
Dalya Manatova | PhD Student, Indiana University
L Jean Camp | Professor, Indiana University

Full Abstract and Presentation Materials:
https://www.blackhat.com/us-24/briefings/schedule/#relationships-matter-reconstructing-the-organizational-and-social-structure-of-a-ransomware-gang-39725Black HatRead More