
Ransomware Group Suffers Data Leak After Siding With Russia

Updated by Ryan Boltman

In Brief

  • One of the most successful ransomware groups has experienced a massive leak of internal data, after it sided with Russia in the Ukrainian conflict.
  • The data leak included attack infrastructure details, Bitcoin addresses, as well as internal conflicts and accusations, in the form of chat logs and internal recriminations.
  • Conti was one of the most successful ransomware groups last year, extorting over $180 million in revenue from victims in cryptocurrency.

One of the most successful ransomware groups has experienced a massive leak of internal data after it sided with Russia in the Ukrainian conflict.

The data leak from Conti, a cybercriminal group believed to be based in Russia, included attack infrastructure details, Bitcoin addresses, as well as internal conflicts and accusations, in the form of chat logs and internal recriminations.

“I’ve found 150-plus Bitcoin wallets, there’s a whole lot of analysis to be done with that,” said Allan Liska, an intelligence analyst at cybersecurity firm Recorded Future. He emphasized that an understanding of the back-end infrastructure could be a game-changer, one that will enable “governments or cybersecurity companies to start poking to find weaknesses.” Although internal structures could still be amended, “now we know what the back-end structure looks like, and we know what to scan for, what to look for when they move it,” he added.

Hold Security’s Alex Holden went into further detail about what the leak revealed. “We see the financial operations, we see their aspirations, for example, they talk about building their own cryptocurrency, we see them fighting with each other,” he said. “One of them recently encrypted a hospital filled with cerebral palsy patients, and we see how they are trying to kick this person out for breaking their code.”

Taking sides

Conti was one of the most successful ransomware groups last year, extorting over $180 million in revenue from victims in cryptocurrency. Its success has been based on its ransomware-as-a-service (RaaS) business model, in which it provides affiliates with malware in exchange for a percentage of the ransom, a model that is spreading to other ransomware groups. However, “most Russian-language underground forums don’t allow discussions related to political topics,” said Oleg Bondarenko, a senior director on the research team at Mandiant Inc.

This is why Conti surprised many last week by firmly aligning itself with Russian President Vladimir Putin, stating it would use “all possible resources to strike back at the critical infrastructures of an enemy.” It later issued a more muted announcement, claiming that it didn’t align with any government, but would target “Western warmongers.”

Yet, as a global decentralized operation, it counts many nationalities among its membership, including Ukrainians. “Ransomware is a global operation,” said Allan Liska. “You may be based in Russia but you have to take into account all of the affiliates that are spread out all over the world right now, most likely, who are not fans of Russia.” While the identity of the leaker is still unclear, Alex Holden believes it could have been a Ukrainian cybersecurity researcher.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.

Nicholas Pongratz
Nick is a data scientist who teaches economics and communication in Budapest, Hungary, where he received a BA in Political Science and Economics and an MSc in Business Analytics from CEU. He has been writing about cryptocurrency and blockchain technology since 2018, and is intrigued by its potential economic and political usage.