No Honor Among Thieves: Disgruntled Member Of ‘Conti’ Ransomware Gang Leaks Files

Here’s evidence that the members of these ransomware gangs have no honor. A ticked off member of the “Conti” ransomware gang is pretty much hanging the other members of his gang out to dry by leaking out files related to the gang:

The files, posted to a forum frequented by Russian-speaking cybercriminals and reviewed by NBC News, include numerous instruction manuals allegedly belonging to Conti, a Russian-speaking hacker group that has attacked several hospitals, including health care chains in the U.S., and Ireland’s national system, the Health Service Executive… The leak appears authentic, said Allan Liska, a ransomware analyst at the cybersecurity company Recorded Future, as it describes the attacks as coming from the same servers that his company already tracked as Conti. Some of the files show IP addresses Conti used for Cobalt Strike attacks, which Recorded Future had seen before…

The leak shows how much of Conti’s operations are apparently contracted out from principal gang members to affiliate hackers, a relationship that can grow sour. “What’s interesting to me about this is how much of it is scripted,” Liska said… 

In their post leaking the files, the user, whose role in Conti’s operation has been to find vulnerabilities in potential victims’ networks, complained that those at the top of the gang took too large a percentage of the extortion money. “They recruit suckers and divide the money among themselves,” the user posted in Russian.

Maybe the next guy will leak some names and/or addresses too and they can be rounded up and face justice. Though I won’t hold my breath as that might be a fatal act in Russia seeing as we are talking about a Russian ransomware gang. Still, this might yield some useful info that someone who goes after scumbags like these.

Leave a Reply

%d bloggers like this: