Cybercrimeology

Visualizing Conti: Revealing the Business of Ransomware-as-a-Service through New Analytical Techniques

Episode Summary

What can leaked internal messages from a ransomware group reveal about how cybercrime operations really work? In this episode, Estelle Ruellan discusses the analysis she created with colleagues of the tens of thousands of chat messages leaked from the Conti ransomware group. They mapped the internal roles and communication patterns of this group using natural language processing and Latent Dirichlet Allocation analysis to better understand this notorious ransomware-as-a-service outfit. We explore this interesting analysis method, what it uncovered, and Ms Ruellan’s quest to make cybercrime more understandable with data visualization.

Episode Notes

In this episode:

About our guest:

Estelle Ruellan

Papers or resources mentioned in this episode:

Ruellan, E., Paquet-Clouston, M., & Garcia, S. (2024). Conti Inc.: understanding the internal discussions of a large ransomware-as-a-service operator with machine learning. Crime Science, 13, 16. https://doi.org/10.1186/s40163-024-00212-y

Flare Data Explorer – Explore cybercrime datasets visually:

https://flare.io/flare-data-explorer/

Other: