The Conti Ransomware Group Slides Into Disorder

From the “I did not have this on my apocalypse BINGO card” department comes the news that the Conti ransomware group, which has Russian ties, has fractured because of the Russia/Ukraine war. Here are the details:

As Reuters reported on Friday, the gang known as the Conti group announced its full support for the Russian government and Putin’s actions in a blog post last week. The post also carried a warning: “If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy.”

As The Record reports, clearly not everyone in the gang is happy with the pro-Russian stance, and one member decided to retaliate by leaking 339 files containing internal chats the gang had between Jan. 29, 2021 and Feb. 27, 2022. In the email containing the files, the leaker commented, “We promise it is very interesting.” The identity of the person leaking the chats is unknown, but they are obviously thought to be of Ukrainian origin.

Such a large amount of information is going to take some time to process, but the authenticity of the files has already been confirmed by Dmitry Smilyanets, a cyber threat intelligence analyst at Recorded Future. 

This is intelligence gold if you are part of the fight against them. Conti is one of the most prolific ransomware groups around. And if this creates an environment where these threat actors can be hunted down and brought to justice, or their attacks are made to be far less effective, then it’s a good day for all of us.

UPDATE: Chris Olson, CEO of The Media Trust, had this to say:

“The Conti gang threat is credible, and confirms an operational assumption already adopted by U.S. intelligence officials: the Russian-Ukrainian conflict will have many cyber casualties in both the public and private sector.”

“Thanks to the number of digital channels in use by modern organizations, compromising critical infrastructure is a task within reach of even low-skill cyber actors. For instance, attackers can exploit the digital advertising ecosystem to target specific organizations and executives with a malicious campaign that installs a backdoor for future attacks.”

“The stakes are high, and there’s no place for complacency. Organizations should act quickly to secure any channels that could compromise their data or business functions, including Web and mobile surfaces.”

2 Responses to “The Conti Ransomware Group Slides Into Disorder”

  1. […] this week I wrote a story about disarray within the rather notorious Conti ransomware group. That disarray is now a […]

  2. […] plot twist that I perhaps should have seen coming. You might recall that the Conti ransomware group kind of fell apart over Russia’s invasion of Ukraine and some of their source code leaked out to the public. Now […]
