SECRET Chat Leak Exposed Russian Hackers: Conti Explained.
Have you ever wondered about the inner workings of Russian ransomware gangs? Recently, leaked two-year-old Conti group chats have shed light on the secret world of Russian hackers, revealing a surprisingly different reality from what we had previously assumed.
It’s an intriguing glimpse into a mysterious and complex realm: one of the most dangerous ransomware organizations on the planet, which rose higher than any group before it and then met a sudden demise.
Here’s how a revenge-driven data leak started an unprecedented international cyber investigation.
First Conti appearance
The first Conti ransomware variant appears in December 2019. It takes some time to get the gears rolling, but by the end of 2020 the group, allegedly based in St. Petersburg, Russia, already has over 150 victims and one of the most dangerous ransomware tools on the planet. Although Conti shares many similarities with a typical ransomware attack, each Conti intrusion is tailored to reach as much data as possible. Alongside encryption, the operators exfiltrate copies of every file they accessed, so the victim can be extorted with the threat of publication even when backups make the encryption itself recoverable, the tactic known as double extortion.
How the leak happened
In February 2022, the war starts. Hours after Russian forces cross the Ukrainian border, Conti releases a statement in full support of Russia, with promises to strike back at the enemy. It doesn’t take long for the statement to backfire. Just a few days later, a ContiLeaks account appears on Twitter with one goal in mind: to give Conti a taste of its own medicine by publishing the group’s internal chat logs.
How Conti operates
According to analyses of the leaked chats by multiple cybersecurity research companies, the Conti ransomware gang appears to have separate business departments, each responsible for a different part of the illegal operation. There are signs of a Business Development department, which mostly handles ransom negotiations. Other significant teams include Finance, responsible for transactions and money laundering, and, of course, an HR department. The leaked Conti messages also reveal the presence of management figures.
Recruitment and salaries
But how does an illegal organization even get this big? Well, like any other tech company, it constantly recruits new members. This is where the HR department comes in.
A ransomware company with millions in profits can seem like a dream job for any threat actor, but the reality isn’t that dreamy. While negotiators are able to take a cut of the ransom proceeds, programmers, according to some sources, receive a monthly wage of only around $1,500 to $2,000.
To keep morale up, the best-performing members are awarded the title of “Employee of the Month” and a 50% salary bonus.
Connection to the Russian government
Russia already has a reputation for harboring cybercriminals, but getting actual proof is more difficult. Even if Conti had no direct contact with the government, the group knew the unspoken rule:
if you don’t do anything against Russia and its allies, you’re free to operate however you want. And while Russia may not directly benefit from the cybercriminals, the havoc caused by each attack may prove to be a strategic advantage.