The Russian ransomware group known as Conti, which the FBI calls one of the most prolific ransomware operations of 2021, has now been damaged by multiple leaks. These leaks exposed its size, leadership, and business operations, together with the source code of its ransomware, according to a report published this week by CNBC citing several threat intelligence companies.
“They were the most successful group up until this moment.”
In a recent online post, Cyberint explained that the leaks appeared to be a major act of revenge prompted by Conti’s support of the Russian invasion of Ukraine. The group might have chosen to stay silent, but:
“As we suspected, Conti chose to side with Russia, and this is where it all went south.”
The leaks began four days after Russia’s invasion of Ukraine. Someone opened an anonymous Twitter account and started publishing thousands of the group’s internal messages alongside pro-Ukrainian statements, CNBC reported. The leaker appears to have signed off on March 30:
“My last words… See you all after our victory! Glory to Ukraine!”
The impact was massive, according to Gihon, who added that most of his colleagues around the world have spent several weeks poring over and closely analyzing the published documents.
Check Point, Cyberint, and many other specialists stated that the messages show Conti operates and is organized like a typical tech firm. Notably, it has clear management, finance, and human resources functions, and team leaders who report to upper management.
The messages also indicated that Conti has physical offices in Russia and might have ties to the Russian government, according to Cyberint. The Russian embassy in London did not respond to reporters’ requests for comment. In the past, Moscow has denied taking part in cyberattacks. Although the group has now been compromised, it might make a comeback in the coming months, Check Point Research stated, adding that it is still ‘partly’ operating.