Conti Ransomware Group Private Chats Exposed after Pro-Russian Post

The Conti ransomware gang has been one of the most commonly encountered names in IT security news when it comes to ransomware over the past couple of years. The group suffered a nasty blow late last week, as one Conti member leaked a number of the group's files, including internal chats.

Conti Internal Chats Leak Online

The Conti ransomware group put up a blog post on its website last week. The gist of the post was that Conti fully supported the Russian government and what the Russian media still calls a "military operation" in Ukraine. The pro-Russian post by Conti culminated with the threat that if anyone was to "organize a cyberattack or any war activities against Russia", then the Conti group would use "all possible resources to strike back at the critical infrastructures of an enemy".

The blog post obviously incited a Conti member to leak the internal memos and chats of the group, as reported by The Record. The files are of a significant volume and will take some time to fully study and pick apart, but the security researchers who have examined them confirmed their authenticity - this is indeed Conti internal correspondence.

Some interesting highlights of the chats include information about the relationship between Conti and other cyber gangs, including the outfits operating Emotet and Trickbot, data regarding companies that never announced being hit by ransomware but negotiating or paying ransom, as well as full crypto wallet addresses where Conti would receive ransom payments. The chats also included confirmation by Conti members that the TrickBot network had indeed been shut down, as security researchers believed after the TrickBot network logged a sudden decrease in activity last week.

LockBit Gang Takes Note of Conti Situation

The original post that triggered the leak due to its pressing, aggressive language has since been edited to sound milder, but the leak has already taken place. Another infamous ransomware gang - LockBit - kept a lid on it and posted a neutrally worded announcement, stating they will not be picking sides in the ongoing conflict, stating LockBit were "apolitical" and were only in it for the money.

Whether the leak of Conti internal information will lead to any meaningful developments remains to be seen.