The IT Nerd

From the “I did not have this on my apocalypse BINGO card” comes the news that Conti Ransomware Group which has Russian ties has fractured because of the Russian/Ukraine war. Here’s the details:

As Reuters reported on Friday, the gang known as the Conti group, announced its full support for the Russian government and Putin’s actions in a blog post last week. The post also carried a warning, “If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy.”

As The Record reports, clearly not everyone in the gang is happy with the pro-Russian stance and one member decided to retaliate by leaking 339 files containing internal chats the gang had between Jan. 29, 2021 and Feb 27, 2022. In the email containing the files, the leaker commented, “We promise it is very interesting.” The identity of the person leaking the chats is unknown, but is obviously thought to be of Ukranian origin. 

Such a large amount of information is going to take some time to process, but the authenticity of the files has already been confirmed by Dmitry Smilyanets, a cyber threat intelligence analyst at Recorded Future. 

This is intelligence gold if you are part of the fight against them. Conti is one of the most prolific ransomware groups around. And if this creates an environment where these threat actors can be hunted down and brought to justice, or their attacks are made to be far less effective, then it’s a good day for all of us.

UPDATE: Chris Olson, CEO, The Media Trust had this to say:

“The Conti gang threat is credible, and confirms an operational assumption already adopted by U.S intelligence officials: the Russian-Ukrainian conflict will have many cyber casualties in both the public and private sector.”

“Thanks to the number of digital channels in use by modern organizations, compromising critical infrastructure is a task within reach of even low-skill cyber actors. For instance, attackers can exploit the digital advertising ecosystem to target specific organizations and executives with a malicious campaign that installs a backdoor for future attacks.”

“The stakes are high, and there’s no place for complacency. Organizations should act quickly to secure any channels that could compromise their data or business functions, including Web and mobile surfaces.”

This entry was posted on February 28, 2022 at 8:59 am and is filed under Commentary with tags Conti, Russia. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.