On February 27, an individual associated with the Conti ransomware group started leaking a treasure trove of data, beginning with internal chat messages. Conti is responsible for a number of high-profile attacks, including one against the Irish healthcare system, which has cost more than $48 million and, more importantly, has had an unprecedented human impact.
Only shortly before, the Conti gang had announced its support for the Russian government despite international outrage over the invasion of and war on Ukraine. We believe this triggered a strong emotional reaction from one of the group’s members, who may be a Ukrainian national.
The Twitter handle @ContiLeaks has been dropping extremely valuable data about Conti and its members. The tweets include screenshots, raw data files and even the ransomware source code. In between data dumps, the actor behind the account is expressing his disgust and anger.
Due to the sheer volume of data and the fact that a large portion of the chats is in Russian, the leak will take some time to process and analyze. What we know already is that there is extremely valuable information about the Conti ransomware group, in particular about how its members work as an organization and how they target their victims.
While Conti is quite resourceful and will probably rebound, there is no doubt that these leaks will cost them a great deal of money and possibly instill fear about their identification as individuals.
The Malwarebytes Threat Intelligence team continues to track and analyze this data dump as well as other cyber threats related to the war in Ukraine. Any intelligence that is collected is passed on and used to protect our customers.
The post The Conti ransomware leaks appeared first on Malwarebytes Labs.