Russian ransomware operators Conti has had thousands of sensitive internal chat logs leaked to journalists, law enforcement agencies and cybersecurity researchers, apparently by a disgruntled employee.
The leak reportedly comes as retaliation for the group recently choosing to side with the Russian government following its invasion of Ukraine.
The news was first broken by BleepingComputer (opens in new tab), which said the ransomware group published a short announcement in the first days of the invasion expressing its full support for the Russian government, and threatening any cybersecurity or cybercrime groups who decide to use their skills to disrupt the Russian operation.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
Bitcoin addresses and previously unreported victims
However, Conti seems to have plenty of Ukraine-based affiliates, and after what seems to be a severe backlash, the group changed its stance, condemning the ongoing war and claiming not to be taking any sides. However it did add that it will utilize its full force in the battle against “western warmongering and American threats”.
The as-yet-unnamed Ukrainian culprit behind the leak said the Conti gang has “lost all their sh*t”, before dumping more than 60,000 internal chat messages, the authenticity of which has now been confirmed by independent cybersecurity researchers.
> Meyer hit by ransomware attack, thousands of employees affected (opens in new tab)
> Shutterfly hit by Conti ransomware attack (opens in new tab)
> Ransomware: an evolving threat (opens in new tab)
For now the media have only shared relatively benign chat logs in order to prove the authenticity of the leak.
However, there seems to be plenty of dirty laundry among the chat logs, some of which might even lead to arrests. Initial investigations suggest the chat logs disclose details such as previously unreported victims, private data leak URLs, bitcoin addresses, and discussions about their operations.
Conti is an active ransomware group, which only recently hit American cookware distributor Meyer, stealing sensitive employee information. The group seems to have taken Meyer employees’ full names, physical addresses, birthdates, gender and ethnicity information, Social Security numbers, health insurance information and data on employee medical conditions, random drug screening results, Covid vaccination cards, driver’s licenses, passport data, government ID numbers, permanent resident cards, immigration status information, and information on dependents.
It was also reported that some of the top members of the notorious TrickBot malware family have also recently joined Conti’s ranks.
- Here’s our rundown of the best antivirus software right now