A mysterious leaker is exposing ransomware hackers to the world


  • GangExposed leaks sensitive information and PII on key ransomware figures
  • Among them are Stern and Professor
  • Stern's identity was confirmed by German police

A mysterious leaker has been spotted unveiling the identities of some of the world’s most wanted cybercriminals, including the masterminds behind Conti and Trickbot ransomware, infamous groups responsible for some of the biggest extortions in modern history.

Recently, The Register spoke to an anonymous individual who goes by the alias GangExposed, who said they are on a personal mission to “fight against an organized society of criminals known worldwide.”

"I take pleasure in thinking I can rid society of at least some of them," GangExposed said. "I simply enjoy solving the most complex cases."

Doxxing Stern

One of the people they doxxed is Stern, the leader of Trickbot and Conti ransomware operations. They claim Stern is actually one Vitaly Nikolaevich Kovalev, a 36-year-old Russian national. His identity was later confirmed by German police.

"The subject is suspected of having been the founder of the 'Trickbot' group, also known as 'Wizard Spider,'" the Federal Criminal Police Office of Germany said recently. "The group used the Trickbot malware as well as other malware variants such as Bazarloader, SystemBC, IcedID, Ryuk, Conti and Diavol."

Soon after, GangExposed doxxed another key figure, known as Professor. Behind this alias, they claim, is a 39-year-old Russian named Vladimir Viktorovich Kvitko. Kvitko is allegedly living in Dubai.

Besides naming key figures, GangExposed leaked chat logs, videos, and ransom negotiations.

The leaker claims not to be an “IT guy” and says the methodology relies on observing patterns that others have missed:

"My toolkit includes classical intelligence analysis, logic, factual research, OSINT methodology, stylometry (I am a linguist and philologist), human psychology, and the ability to piece together puzzles that others don't even notice," they told the publication.

"I am a cosmopolitan with many homes but no permanent base — I move between countries as needed. My privacy standards are often stricter than those of most subjects of my investigations."

To uncover the identities of infamous cybercriminals, they used data obtained via "semi-closed databases, darknet services (for probing state records through corrupt officials), and I often purchase information. I have access to the leaked FSB border control database," they added, claiming to have purchased it on the dark web for $250,000.

An interesting detail is that they could have claimed at least $10 million in bounty from the FBI, but have apparently decided against it. That has led some media to speculate they are a disgruntled former member just looking for revenge, while others believe grabbing the bounty could incriminate them as well.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
