Conti ransomware gang, which leaked ransomware victims’ data, has its own data leaked

What is delicious irony to the cybersecurity community at large is a troubling embarrassment to a ransomware gang.

The notorious Conti ransomware group, which nailed its colours to the mast by publicly announcing its support for Vladimir Putin’s invasion of Ukraine, and threatened to launch cyber attacks against anyone who targeted Russia, has had its own data leaked.

Oh how embarrassing for the criminal gang who extorted millions from businesses by threatening to leak their data, that someone leaked some 160,000 messages between their members as well as their malware source code.

I was many of many infosecurity commentators who was contacted via an anonymous email on February 27, with a link to logs of the Conti group’s internal chats.

An email which signed off with the cry of “Glory to Ukraine!” gave a “friendly heads-up” had “lost all their shit”:

Further material has since been leaked from the @ContiLeaks Twitter account, thought to be run by a Ukrainian security researcher.

If you don’t have the time or inclination to read the last few years’ internal chat logs of a ransomware gang I can fully understand. Thankfully investigative journalist Brian Krebs has written a series of articles analysing the Conti group’s chats in some detail.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.