A Ukrainian security researcher has stolen the chat logs of the ransomware gang Conti and put them on the internet. As a group, Conti previously expressed support for the Russian invasion of Ukraine. The Ukrainian investigator then leaked more than 60,000 chat messages from the Jabber chat service used by the gang. The messages run from January 2021 to February 27, 2022.
The authenticity of the messages has been confirmed by BleepingComputer and is further supported by cybersecurity firm Hold Security. It’s likely that security researchers have been monitoring the ransomware gang from the inside for some time, but the gang’s open support for Russia was the last straw for the Ukrainian researcher.
In the leaked conversations, the gang members discuss their activities, which also brings previously unknown victims to light. In addition, they share links to other unknown data breaches and discuss the overall state of their operation. The 239 bitcoin addresses discussed contain a total of more than 13 million euros.
A leak of this magnitude is rare and gives investigators and law enforcement an intimate look behind the scenes of a professionally run ransomware ring. The leaked data is only part of the total, and the researcher also announced that more information about the gang may be released in the future.
The ultimate reason for the action is a blog post published by Conti in which the group states that it will use ‘all their available fighting power’ against countries that attack Russia digitally. In doing so, they would target essential infrastructure ‘of the enemy’.