The Leak Will Help Researchers Track and Fight Conti and Its Affiliates
A Ukrainian cybersecurity researcher has released 13 months of sensitive data that came from the internal systems of the Conti ransomware gang, a development that may help in the fight against a prevalent ransomware strain.
The researcher, who had access to Conti’s systems, released the data after the notorious ransomware gang expressed support for Russia following its invasion of Ukraine, says Alex Holden, CTO of Hold Security, a consultancy that studies ransomware and cybercrime. The security researcher’s name cannot be released.
The data, which is in JSON format, includes Jabber chat logs, bitcoin addresses and negotiations between ransomware victims and the Conti attackers. Much of the data is internal chat between members and affiliates of Conti, including personal details, conflicts and accusations. There are also logs related to TrickBot, a botnet that has been used at times to distribute Conti, Holden says. The data covers the period from January 2021 until earlier this month (see: Cybercrime Moves: Conti Ransomware Absorbs TrickBot Malware).
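For researchers who want to turn a JSON chat dump like the one described above into trackable indicators, the following added example (not code from the article, Hold Security or VX-Underground) builds an index of bitcoin addresses mentioned in chat messages: who mentioned each address, how often, and when it was first and last seen. The record fields (`ts`, `from`, `to`, `body`) and the three sample messages are constructed here and are an assumption, not the real schema of the leaked files. Candidate addresses found by regex are kept only if their checksum verifies (Base58Check for legacy `1…`/`3…` addresses, bech32/bech32m for `bc1…`), which drops mistyped or truncated strings that would otherwise pollute a watchlist.

```python
import hashlib
import json
import re

# Constructed sample in the assumed layout; not the leaked data itself.
SAMPLE_LOG = """[
 {"ts": "2021-06-01T10:15:00Z", "from": "ops1@constructed.example", "to": "mgr@constructed.example",
  "body": "victim paid to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"},
 {"ts": "2021-06-02T08:00:00Z", "from": "ops2@constructed.example", "to": "mgr@constructed.example",
  "body": "same wallet 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa, new one bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"},
 {"ts": "2021-06-03T12:00:00Z", "from": "ops1@constructed.example", "to": "mgr@constructed.example",
  "body": "ignore, typo: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"}
]"""

# Syntactic candidates only; every hit is checksum-verified below.
LEGACY_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
BECH32_RE = re.compile(r"\bbc1[qp][a-z0-9]{38,58}\b")

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"


def base58check_valid(addr):
    """Decode a Base58 string and verify the 4-byte double-SHA256 checksum."""
    n = 0
    for c in addr:
        if c not in B58:
            return False
        n = n * 58 + B58.index(c)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Each leading '1' encodes a leading zero byte.
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw
    if len(raw) != 25:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]


def _bech32_polymod(values):
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def bech32_valid(addr):
    """Verify a bc1 address under bech32 (segwit v0) or bech32m (v1+) rules."""
    addr = addr.lower()
    hrp, _, data = addr.rpartition("1")
    if hrp != "bc" or any(c not in BECH32_CHARSET for c in data):
        return False
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    vals = [BECH32_CHARSET.index(c) for c in data]
    return _bech32_polymod(expanded + vals) in (1, 0x2BC830A3)


def extract_addresses(records):
    """Index checksum-valid addresses: first/last seen, senders and mention count."""
    index = {}
    for rec in sorted(records, key=lambda r: r["ts"]):
        body = rec.get("body", "")
        for addr in LEGACY_RE.findall(body) + BECH32_RE.findall(body):
            ok = base58check_valid(addr) if addr[0] in "13" else bech32_valid(addr)
            if not ok:
                continue  # mistyped or truncated candidate, not an indicator
            ent = index.setdefault(
                addr, {"first_seen": rec["ts"], "last_seen": rec["ts"], "senders": set(), "count": 0}
            )
            ent["last_seen"] = rec["ts"]
            ent["senders"].add(rec["from"])
            ent["count"] += 1
    return index


if __name__ == "__main__":
    for addr, ent in extract_addresses(json.loads(SAMPLE_LOG)).items():
        print(addr, ent["count"], ent["first_seen"], sorted(ent["senders"]))
```

The two valid addresses in the sample are public test vectors (the genesis-block coinbase address and the BIP173 bech32 example); the third candidate differs from the first by one character and is rejected by the checksum, so it never reaches the index. On a real dump the resulting table can be joined against victim negotiation records or fed to a blockchain-analytics tool to follow payment flows.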
The Conti data is “a must-read for any security professional because it gives you an insight of how ransomware really works,” Holden says. VX-Underground, a group of malware researchers, has also vetted the data and shared it publicly….