
Visualizing Conti: Revealing the Business of Ransomware-as-a-Service through New Analytical Techniques
What can leaked internal messages from a ransomware group reveal about how cybercrime operations really work? In this episode, Estelle Ruellan discusses the analysis she created with colleagues of the tens of thousands of chat messages leaked from the Conti ransomware group. They mapped the internal roles and communication patterns of this group using natural language processing and Latent Dirichlet Allocation analysis to better understand this notorious ransomware-as-a-service outfit. We explore this interesting analysis method, what it uncovered, and Ms Ruellan's quest to make cybercrime more understandable with data visualization.
Cybercrimeology · Estelle Ruellan
Show Notes
In this episode:
- How Estelle became involved in ransomware research between degrees
- The scale and origin of the ContiLeaks dataset
- Using machine learning and topic modelling to analyse criminal group communications
- What the internal chat data revealed about the organizational structure of Conti
- Surprising insights about roles, specializations, and tasking within a criminal enterprise
- Why making cybercrime research accessible through data visualization matters
About our guest:
Estelle Ruellan
Papers or resources mentioned in this episode:
Ruellan, E., Paquet-Clouston, M., & Garcia, S. (2024). Conti Inc.: understanding the internal discussions of a large ransomware-as-a-service operator with machine learning. Crime Science, 13, 16. https://doi.org/10.1186/s40163-024-00212-y
Flare Data Explorer – Explore cybercrime datasets visually:
https://flare.io/flare-data-explorer/
Other:
- Wikipedia – Conti (ransomware): https://en.wikipedia.org/wiki/Conti_(ransomware)
- Wikipedia – Topic model: https://en.wikipedia.org/wiki/Topic_model