AnonymousContiCyber CrimeLeaksLockBitNewsransomwareRussiaukraine

Conti chat logs leaked as ransomware gang sides with Russia

The individual responsible for leaking Conti chat logs has warned the ransomware gang that more files will be made public soon.

Conti ransomware gang declared its support for Russia soon after the country sent its troops to Ukraine on Feb 28th,2022. The gang is now paying the price for getting involved in the conflict.

Conti Ransomware Gang Receive Backlash

Conti ransomware gang posted a statement on its website claiming that they are ready in “full capacity” to deliver “retaliatory measures” if Western entities attacked critical infrastructure in Russia or any Russian-speaking region. The gang threatened to “strike back” at the entity by attacking their infrastructure in return.

Apparently, the group had second thoughts after posting this resentful statement and later revised their stance and issued another message that read:

We do not ally with any government and we condemn the ongoing war. However, since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the well-being and safety of peaceful citizens will be at stake due to American cyber aggression.

Conti Ransomware Gang

Full preview of Conti Gang’s post

Conti on Russia-Ukraine conflict
Conti on Russia-Ukraine conflict

Cache of Conti Gang’s Chat Logs Leaked

As per VX-Underground, a malware research platform, soon after Conti showed support for Russian troops, a dataset containing around 400 JSON files and 60,000 internal chat logs in the Conti group’s native Russian language was leaked online.

Cisco Talos’ researcher Azim Khodjibaev tweeted that the chats were stolen from the Jabber chat app. Some claim that a Ukrainian security researcher leaked the files, while others believe it is an insider’s job and a Ukrainian member of the gang probably leaked Conti gang members’ chats.

The individual responsible for this leak has warned the Conti gang that more files stolen from them will be made public soon and posted the data with this message: “Glory to Ukraine.”

Conti ransomware chats leaked after gang sides with Russia
On the left is the Twitter handle that has been leakeing Conti data – On the right is the snapshot of Conti’s alleged storage server.

What Information was Leaked?

The leaked files contain around one year’s worth of internal chats between Jan 2021 and February 2022. Each file has hundreds of messages exchanged between Conti group members. An analysis of some of these files revealed that most chats mentioned their recently acquired TrickBot malware and Emotet and Ryuk malware.

Moreover, researchers identified over 200 Bitcoin addresses holding around $13 million in ransom payments. The chats also revealed personal details of the members, their conversations with victims, critical infrastructure data, and IP addresses, among other information. Security researcher Bill Demirkapi translated the chats and other data into English.

According to journalist Brian Krebs, he spent the last 2 days analyzing 14 months’ worth of leaked chats and found out that it is a “bottomless gold mine.” Krebs further pointed out that one portion of the chat details how Conti went on to financially assist “Alla Witte, aka Max,” a 55-year-old member of the gang from Latvia.

Alla Witte (Image source: Her offline website via Archive.org)

Witte was arrested on Feb. 6, 2021, in Miami, Florida over her alleged role in a transnational cybercrime organization responsible for creating and deploying a computer banking trojan and ransomware suite of malware known as “Trickbot.”

Nevertheless, Conti should have taken cues from the LockBit ransomware gang, which also has Russians as its members, as the group has confirmed that it’ll not get involved in the conflict because it doesn’t want to hurt its Ukrainian and other foreign members.

Watch out what you are about to download!

Although the cybersecurity community is well aware of the risks of downloading anonymous files especially those on cybercriminals, researchers at Malwarebytes have a warning for you.

According to a tweet by Malwarebytes Threat Intelligence, since most of the download links are on the self-proclaimed “Anonymous” file sharing service AnonFiles, the site is “pushing bogus extensions and VPNs before one can download the intended file.

More Security News:

  1. Russia ”neutralizes” REvil ransomware gang, arrests 14
  2. DDoS Attack and Data Wiper Malware hit Computers in Ukraine
  3. Ransomware gang with $42 million laundering caught by Ukraine
  4. Husband and wife among ransomware operators arrested in Ukraine
  5. Russian TV channels & EV charging station with pro-Ukraine messages




Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button