One of the most successful ransomware groups has experienced a massive leak of internal data after it sided with Russia in the Ukrainian conflict.

The data leak from Conti, a cybercriminal group believed to be based in Russia, included attack infrastructure details, Bitcoin addresses, as well as internal conflicts and accusations, in the form of chat logs and internal recriminations.

“I’ve found 150-plus Bitcoin wallets, there’s a whole lot of analysis to be done with that,” said Allan Liska, intelligence analyst at cybersecurity firm Recorded Future. He emphasized that an understanding of the back-end infrastructure could be a game-changer, one that will enable “governments or cybersecurity companies to start poking to find weaknesses.” Although the picture of the internal structure could still be unfinished, “now we know what the back-end structure looks like, and we know what to scan for, what to look for when they move it,” he added.

Hold Security’s Alex Holden went into further detail about what the leak revealed. “We see the financial operations, we see their aspirations, for example, they talk about generating their own token, we see them fighting with each other,” he said. “One of them recently encrypted a hospital filled with cerebral palsy patients, and we see how they are trying to kick this person out for breaking their code.”

Taking sides

Conti was one of the most successful ransomware groups last year, extorting over $180 million in revenue from victims in ransom payments. Its success has been built around its ransomware-as-a-service (RaaS) business model, in which it provides affiliates with malware to use in exchange for a percentage of the ransom, much like other ransomware groups. Yet, “most Russian-language underground forums don’t allow discussions related to political topics,” said Oleg Bondarenko, a senior director on the research team at Mandiant Inc.

This is why Conti surprised many last week by firmly aligning itself with Russian President Vladimir Putin, stating it would use “all possible resources to strike back at the crucial infrastructures of an enemy.” It afterwards issued a more muted announcement, claiming that it didn’t align with any government but would target “Western warmongers.”

Nonetheless, as a global decentralized operation, it counts many nationalities among its membership, including Ukrainians. “Ransomware is a global operation,” said Allan Liska. “You may be based in Russia but you have to take into account all of the affiliates who are spread out all over the world right now, most likely, who are not fans of Russia.” While the identity of the leaker is still unclear, Alex Holden believes it could have been a Ukrainian cybersecurity researcher.


The post Ransomware Group Suffers Data Leak After Siding With Russia appeared first on CryptCraze.