A Prominent Ransomware Group Experiences A Major Internal Data Leak After It Sides With Russia

One of the more prominent and effective ransomware groups has suffered a huge leak of internal information after declaring its support for Russia in its conflict with Ukraine. The leak from the Russia-based cybercriminal group Conti included details of attack infrastructure, BTC addresses, and internal conflicts and accusations, in the form of internal recriminations and chat logs.

The leak findings

Allan Liska, an intelligence analyst at the cybersecurity company Recorded Future, said he had identified more than 150 Bitcoin (BTC) wallets and that much analysis of them remains to be done. He stressed that the residual infrastructure could bring about drastic changes, allowing cybersecurity firms or governments to begin their efforts to identify weaknesses.

Even though several changes can be made to the internal structures, he added, they understand what the back-end structures look like, along with what needs to be detected and what to search for across those structures.

Alex Holden of Hold Security provided further specifics about the findings of the leak. In his words, they could see the group's financial activities and its aspirations: for instance, the members discuss building their own cryptocurrency, and they quarrel with each other. One of them had just encrypted a medical center occupied with cerebral palsy patients, and they are attempting to expel that person for disturbing their code.

Providing support

Conti was considered among the most effective ransomware groups of the previous year, extorting more than $180M in revenue from its crypto-related victims. Its success has played a key role in the ransomware-as-a-service (RaaS) business model, in which it offers malware to affiliates in return for a percentage of the ransom, a model that is spreading to other ransomware groups.

Nevertheless, the majority of Russian-language underground platforms do not permit discussion of subjects related to the topic, according to Oleg Bondarenko, senior director of the research group at Mandiant Inc.

This is why Conti's recent move came as a surprise: it firmly expressed its support for Vladimir, affirming that it will not be aligned with any government but that Western warmongers will be its target. Until now it has been a worldwide, decentralized operation whose membership includes several nationalities, Ukrainians among them. Allan Liska said that ransomware has become a global activity.
