Conti Ransomware Gang Sees Thousands of Internal Chats Leaked After Posting Pro-Russia Message

Conti Ransomware Gang Sees Thousands of Internal Chats Leaked After Posting Pro-Russia Message
Photo: Sean Gallup, Getty Images

Members of the Conti ransomware gang are now being attacked by one of their own. An insider from the gang has leaked a massive cache of internal chats after its leaders took an aggressive pro-Russian stance on their public site.

That statement, which was first shared with cybersecurity researchers on Friday, vowed to use “all possible resources to strike back at the critical [infrastructure] of an enemy” that launched “a cyberattack or any war activities against Russia” during the country’s ongoing invasion of Ukraine. Evidently, that was enough to set off one of the members, who leaked tens of thousands of internal chats from the group.

The leak was shared with the malware research group VX-Underground, who posted it in full here. But before you click, just know that it’s… a lot; there are about 340 files dating back to January 2021, all written in the group’s native Russian. Among the messages are links to file sharing sites, hacking how-to’s, and various other goodies that might harm your device if you go down that rabbit hole and open those links, so be warned.

While Gizmodo hasn’t had the chance to dig through the tranche, the outlet Recorded Future described finding everything from Bitcoin addresses where Conti members received payments, and messages containing ransom negotiations between Conti and its victims. As of mid-2021, the group had raked in over $US25 ($35) million in ransomware payouts from more than 100 victims and has targeted companies like Shutterfly as well as law enforcement and healthcare systems around the world.

This likely won’t be the last example of infighting we’ll see from the cybercriminal community, which has always been pretty vibrant in both Russia and Ukraine.

Since Russia began invading its neighbour though, some of these groups — like Conti, Sandworm, and even Anonymous — have begun picking sides between the two countries. Yesterday, Ukraine stepped this up a notch by unleashing its “IT Army”: close to 200,000 volunteers across cybersecurity that are working to shut down various parts of Russian infrastructure, like the websites for Russia’s parliament. Russia, meanwhile, has reports of vigilante hackers working across the country to take down Ukrainian government websites and poach data from civilians.