Proving there’s truth to the sentiment, “No honor among thieves,” a disgruntled Ukrainian worker at the pro-Russia ransomware group Conti is getting political revenge. The individual, believed to be a Ukrainian national, is responsible for leaking an avalanche of covert chat logs in late February 2022, shortly after Conti publicly declared its support for Russia’s invasion of Ukraine. Although the group ultimately retracted its statement, the cat was already out of the bag. The torrent of operational secrets had already been posted on Twitter, including Conti’s revenue numbers, its leaders, recruiting practices, negotiating tactics & even the ransomware source code the gang uses to go after its targets. The criminal enterprise is tied to a number of high-profile attacks, including one against the Irish Healthcare system in 2021, which cost upwards of $48 million. Conti typically steals victims’ files & encrypts the servers & workstations to force a ransom payment from the victim. If the ransom isn’t paid, the stolen data is sold or published to a public site controlled by the Conti actors. As a result of the leak, cybersecurity experts now have a clearer picture of the group’s operation as a multi-layered business organization. By sharing Conti’s inner workings, experts say ransomware negotiators & organizations alike will be better equipped to handle an attack when & if it occurs. Leaks like these could even bring law enforcement steps closer to taking down Conti & other gangs like it.