Conti Ransomware Gang data leaked, which is the perfect payback

Most people know how ransomware works: your systems get infected and your data is encrypted. The encryption is usually hybrid: each file is encrypted with a symmetric key, and those keys are in turn wrapped with a public key whose private half only the attacker holds. If you pay, the attacker hands over a decryptor that carries that private key; if you don't, they keep your data encrypted, leak it on a darknet site, or both. Conti is famous for leaking stolen data when victims don't pay. The group also publicly declared its support for the Russian side in the Russia-Ukraine war. That declaration prompted a Ukrainian security researcher to strike back by leaking the Conti group's own private data.
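To make the key-management point concrete, here is the hybrid scheme described above written out in Go. This is an added illustration, not Conti's code and not from the original post: it assumes AES-256-GCM for the file data and RSA-OAEP for wrapping the per-file key, and the sample file contents are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedFile is what is left on the victim's disk: the bulk ciphertext,
// the AES-GCM nonce, and the per-file AES key wrapped with the operators'
// RSA public key. Nothing here is decryptable with the public key alone.
type EncryptedFile struct {
	WrappedKey []byte
	Ciphertext []byte
	Nonce      []byte
}

// Encrypt models the locker side: a fresh AES-256 key per file, AES-GCM for
// the data, RSA-OAEP to wrap the key. Only the public key is embedded in the
// malware, so the private key never has to touch the victim's network.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	// Scrub the plaintext key; from here on it exists only inside the wrapped blob.
	for i := range fileKey {
		fileKey[i] = 0
	}
	return &EncryptedFile{WrappedKey: wrapped, Ciphertext: ciphertext, Nonce: nonce}, nil
}

// Decrypt models the decryptor handed over after payment: without the RSA
// private key the unwrap step fails and the AES key is never recovered.
func Decrypt(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrapping file key: %w", err)
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

func main() {
	// The operators' keypair; in practice only the public half ships with the locker.
	operatorKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample input, not real victim data.
	sample := []byte("constructed sample file contents, not real victim data")
	ef, err := Encrypt(&operatorKey.PublicKey, sample)
	if err != nil {
		panic(err)
	}
	fmt.Printf("on disk: %d-byte wrapped key, %d-byte ciphertext\n", len(ef.WrappedKey), len(ef.Ciphertext))

	// A recovery attempt with any other private key fails at the OAEP unwrap.
	unrelatedKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	if _, err := Decrypt(unrelatedKey, ef); err != nil {
		fmt.Println("without the operators' private key:", err)
	}

	// The paid-for decryptor carries the private key and succeeds.
	plain, err := Decrypt(operatorKey, ef)
	if err != nil {
		panic(err)
	}
	fmt.Printf("with the private key: %q\n", plain)
}
```

The point for defenders is in the second half of main: with a correctly built scheme there is no recovery path on the victim side, because the only secret that matters never existed on the victim's machines. That is why offline, tested backups are the lever you control, and why public leaks of a gang's internal material are valuable even though they do not, by themselves, yield any victim's keys.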

Krebs on Security went into detail about the story behind what was leaked (found HERE). It is interesting to see a criminal organization with over 100 salaried employees have its internal conversations leaked. There is talk of funding lawyers for members who have been arrested, of the communications that occur when defenders such as the FBI disrupt the group's infrastructure, and a general feel for how the business is run. Part 2 looks at staff schedules, senior-vs-newbie communication, department budgets, and so on. Krebs describes some of the departments as follows:

“Other Conti departments with their own distinct budgets, staff schedules, and senior leadership include:

Coders: Programmers hired to write malicious code, integrate disparate technologies
Testers: Workers in charge of testing Conti malware against security tools and obfuscating it
Administrators: Workers tasked with setting up, tearing down servers, other attack infrastructure
Reverse Engineers: Those who can disassemble computer code, study it, find vulnerabilities or weaknesses
Penetration Testers/Hackers: Those on the front lines battling against corporate security teams to steal data, and plant ransomware.”

Check out Krebs's post (Part 1 found HERE) along with Part 2 found HERE.
