According to a report this week by CNBC citing threat intelligence companies, a Russian organisation known as Conti, which the FBI calls one of the most prolific ransomware groups of 2021, has been harmed by leaks detailing its size, leadership, and business operations, as well as the source code of its ransomware.
According to Shmuel Gihon, a security researcher at Cyberint, the group was founded in 2020 and has grown to roughly 350 members who have earned $2.7 billion in cryptocurrencies. “Up until this point, they were the most successful bunch,” Gihon remarked.
Cyberint stated in an online article that the disclosures appeared to be a retaliation for Conti’s support for Russia’s invasion of Ukraine. As we expected, Conti chose to side with Russia, and this is where it all went south. The group could have remained silent. Four days after Russia’s invasion of Ukraine, the leaks began.
According to CNBC, someone created an anonymous Twitter account and began leaking hundreds of the group's internal messages while expressing pro-Ukrainian sentiments. The leaker appears to have finished, as he wrote on March 30: “These are my final words… We’ll see you all after we’ve won! Ukraine, bravo!”
According to Gihon, the impact was significant, and many of his global colleagues spent weeks looking through the documents. According to Cyberint, Check Point, and other experts, Conti is organised and operates like a typical tech firm, with distinct management, finance, and human resources divisions, as well as team leaders who report to higher management.
According to Cyberint, the messages also revealed that Conti has real offices in Russia and may have ties to the Russian government. CNBC reached out to the Russian embassy in London for comment, but it did not respond. Moscow has repeatedly denied being involved in cyber-attacks.