
Leaked internal messages of the Conti ransomware gang

A Ukrainian security researcher has leaked over 60,000 internal messages that appear to belong to the Conti ransomware gang, after the gang sided with Russia over the invasion of Ukraine.

Vitali Kremez, CEO of AdvIntel, who has been monitoring the Conti/TrickBot operation for the past two years, confirmed to BleepingComputer that the leaked messages are valid.



In total, the leak consists of 393 JSON files containing 60,694 messages from 21 January 2021 until today. The Conti gang started its operation in July 2020, so not all conversations are included in these files.

The internal messages contain various information on the gang's activities: attacks on victims that were not previously known, bitcoin addresses and more.


There are also discussions about the Diavol ransomware operation of Conti/TrickBot and 239 bitcoin addresses containing 13 million dollars in payments, which were added to the Ransomwhere site.

The leak of these messages is a serious blow to the ransomware operation, as important information about the gang's activities has come into the hands of investigators and authorities.


Earlier this week, the Conti ransomware gang published a post announcing its full support for the Russian government's attack on Ukraine. It also warned that if anyone organizes a cyberattack against Russia, the Conti gang will retaliate against critical infrastructure.

Later, the Conti gang replaced its message with another, stating that it "is not allied with any government" and that it "condemns the ongoing war".


However, the first announcement seems to have upset Ukrainian hackers. A Ukrainian security researcher who allegedly had access to Conti's backend XMPP server contacted BleepingComputer and other journalists, sending a link to the leaked data.

Among other things, the researcher said in the message:

The link will lead you to download a 1.tgz file that can be unpacked by running tar -xzvf 1.tgz in your terminal.

The contents of the first dump contain the conversations (current, from today and in the past) of the Conti Ransomware gang. We promise it is very interesting.

More dumps are coming, stay tuned.

You can help the world by writing this as your top story.

It's not malware or a joke.

This is sent to many journalists and researchers.

Thank you for your support

Glory to Ukraine!

The situation between Russia and Ukraine has also affected cyberspace, with many hacking groups, ransomware gangs and researchers choosing sides.


While some ransomware gangs have sided with Russia, others, such as LockBit, remain neutral.

On the other hand, Ukraine asked for volunteer researchers and hackers to join its "IT Army" to carry out cyber attacks on Russian targets, with many responding to the call.

Source: Bleeping Computer

Digital Fortress