Ukrainian Researcher Leaks Conti Ransomware Gang Data

The Leak Will Help Researchers Track and Fight Conti and Its Affiliates

A Ukrainian cybersecurity researcher has released 13 months of sensitive data that came from the internal systems of the Conti ransomware gang, a development that may help in the fight against a prevalent ransomware strain.

The researcher, who had access to Conti’s systems, released the data after the notorious ransomware gang expressed support for Russia following its invasion of Ukraine, says Alex Holden, CTO of Hold Security, a consultancy that studies ransomware and cybercrime. The security researcher’s name cannot be released.

The data, which is in JSON format, includes Jabber chat logs, bitcoin addresses and negotiations between ransomware victims and the Conti attackers. Much of the data is internal chat between members and affiliates of Conti, including personal details, conflicts and accusations. There are also logs related to TrickBot, a botnet that has been used at times to distribute Conti, Holden says. The data covers the period from January 2021 until earlier this month (see: Cybercrime Moves: Conti Ransomware Absorbs TrickBot Malware).

The Conti data is “a must-read for any security professional because it gives you an insight of how ransomware really works,” Holden says. VX-Underground, a group of malware researchers, has also vetted the data and shared it publicly….