Ukrainian Researcher Hacks Notorious Russian Ransomware Gang
March 7, 2022
A Ukrainian researcher breached the ransomware gang known as Conti and released 13 months of data, including bitcoin addresses, negotiations between Conti and some of its victims, and chat logs. The chats included internal “conflicts and accusations,” reports BankInfoSecurity, citing as a source Alex Holden, CTO of ransomware and cybercrime consultancy Hold Security. Conti is said to have been developed by a Russian cybercrime group called Wizard Spider. According to Holden, the Ukrainian researcher published the hacked data after Conti expressed support for the Russian invasion and threatened to target any site that launched a cyberattack against Russia. After the data was released, that post is said to have been removed and replaced with a post that included a declaration that the group “does not ally with any government” and condemns the war.
Holden, in a tweet linked to the BankInfoSecurity post, suggests one reason more sophisticated extortionists want to advertise their neutrality is purely business, based on their understanding of how cyber insurance works. They target what they assume are insured organizations, he says, because they consider them less likely to balk or bargain. But they also understand that those policies may have exclusions for force majeure events, like an act of war, and they don’t want to jeopardize the claim.
Conti is said to be one of the most successful ransomware groups, having hit hundreds of targets, including, in May of 2021, Ireland’s health service, which reportedly resulted in $48 million in clean-up costs.
According to one source quoted in the BankInfoSecurity article, the massive leak of Conti’s data could put the group out of business. Affiliates, he says, will wonder how long the operation has been compromised and whether any information that was obtained points to them.