A Ukrainian cyber researcher has unveiled data belonging to the notorious Conti ransomware gang.
The researcher had access to the gang’s systems and released the data after the group declared its support for Russia following the invasion of Ukraine, said Alex Holden, CTO of Hold Security, as reported by Bank Info Security. The researcher’s name cannot be shared.
The data is in JSON format and includes Jabber chat logs, Bitcoin addresses, and negotiations between ransomware victims and Conti attackers. A large part of the data is internal chat logs between members and affiliates of the ransomware group, which reportedly includes personal details, conflicts, and accusations.
There are also logs related to Trickbot, a botnet that has been used in the past to distribute the Conti ransomware, said Holden. The data range is from January 2021 to early February 2022.
Holden added that the Conti data is a must-read for any security professionals as it provides an insight into how early ransomware really works.
A group of malware researchers called VX-Underground has also taken a look at the data and shared it publicly after verifying it.
News of the data leak comes as Ukraine unveils plans to create an “IT army” to fight against Russia’s digital intrusions. Mykhailo Federov, the country’s vice prime minister and minister of digital transformation, announced on Twitter that the government needs digital talents.
“There will be tasks for everyone,” he wrote. “We continue to fight on the cyber front. The first task is on the channel for cyber specialists.”
Cyber attacks on the Ukrainian government and soldiers increased last week following the invasion of the country by Russia. The attacks are part of Russia’s hybrid war strategy, where it is deploying destructive malware and denial of services. In the wake of the atacks, organisations have been urged to adopt an enhanced cyber security position.
-
Helping customers adopt a multi-cloud infrastructure and accelerate their modernization journeySponsored Content We outline what shifting to a subscription model means for your business
-
UK firms are 'sleepwalking' into smart building cyber threatsNews The convergence of operational technology and IT systems is posing serious risks for property firms.
-
Swiss government data published following supply chain attack – here’s what we know about the culpritsNews Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackersNews While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attackNews A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
