Published 1st Mar, 2022

By Emmanuel Uti

After leaders of the Conti ransomware group issued an angry pro-Russian statement on their official site on Friday, a member of the group thought to be of Ukrainian origin leaked the gang’s internal discussions.

Conti’s Ukrainian members seem to have taken exception to the message, and one of them has hacked the gang’s internal Jabber/XMPP system. Internal records were released in an email sent to a number of media and security experts on Tuesday.

The veracity of the leaked talks has been validated by Dmitry Smilyanets, a threat intelligence analyst for Recorded Future who used to engage with the Conti gang.

The Record Media reported that the stolen data consists of 339 JSON files, each of which includes a full day’s worth of logs. Security Company IntelligenceX has disclosed conversations from January 29, 2021, to today, February 27, 2022, which can be viewed online.

In an email received earlier today, the leaker said, “We promise it is very interesting”.

According to the Record Media, the contents of the leaked communications include “Messages that show Conti’s ties to the TrickBot and Emotet malware gangs”.

“They often rented access to compromised systems from these groups to spread their software messages indicate the shutdown of the TrickBot botnet earlier this month,” the platform says.

“Messages include talks about ransom and payments from businesses that haven’t said they had a data breach or ransomware attack before.”

According to the Malware Tech Blog on Twitter, the Conti leaks offer everyone an unprecedented insight into the inner workings of a major cybercrime organisation.

“The Conti ransomware has made at least $2.7 billion since it started in 2017, according to analysis of leaked bitcoin addresses. An unnamed journalist offered to help Conti extort companies (most likely by threatening to cover the company’s breach), in return for a 5 percent commission,” the blog says.

Share on Social Media