After the Conti ransomware operation allied with Russia in the invasion of Ukraine, an enraged member of the gang disclosed over 60,000 private messages. Internal conversations previously revealed about Conti’s attack on Shutterfly have confirmed the truth of these chats.
According to AdvIntel CEO Vitali Kremez, who has been following the Conti/TrickBot operation for the past couple of years, the disclosed conversations were retrieved from a log server for the ransomware gang’s Jabber communication system.
Since January 21, 2021, there have been 393 JSON files released, holding a total of 60,694 messages. These communications were said to have come from a Jabber log server that saved them in an unencrypted format.
These communications include previously undisclosed victims, private data breach URLs, bitcoin addresses, and comments about the gang’s operations. Kremez also revealed a sample of a discussion he overheard about how the TrickBot activity was brought to a halt.
There are also discussions concerning Conti/Diavol TrickBot’s ransomware operation and the addition of 239 bitcoin addresses with $13 million in payments to the Ransomwhere website. The ransomware operation has suffered a significant setback because of the disclosure of these emails, which provide crucial information to researchers and law enforcement regarding their internal activities.
While the shared snippets represent only a small portion of the stolen chats, significantly more information will be gleaned from the data in the following weeks.
As a result of Russia’s invasion of Ukraine, hackers, ransomware gangs, and security researchers have begun to take sides in the conflict. While some ransomware gangs have chosen to support Russia, others, such as LockBit, have remained neutral.
Conti, on the other hand, is unlikely to disappear very soon, even though this leak is humiliating and gives invaluable insight into their operations. They will, however, continue to be a menace as a result of their recent takeover of the stealthy BazarBackdoor malware and transformation into a real crime organization.
