Most people know how ransomware works. Your systems get infected, and your data is encrypted. It is common asymmetric encryption is involved meaning the attacker has the private key and if paid, will unencrypt your data. If you don’t pay, they will either keep your data encrypted or leak it on some darknet forum. Conti is famous for leaking stolen data when victims don’t pay. They also have publicized their support for the Russian side of the Russian Ukraine war. This action caused one Ukraine security researcher to strike back by leaking private data from the Conti group.
Kerbs on security went into details about the story behind what was leaked found HERE. It is interesting to see a criminal organization with over 100 salary employees have their conversations leaked. There is talk about helping members who have been arrested via funding lawyers, communications that occur when defenders such as the FBI disrupt services and a general feel of how the business is ran. Part 2 looks at staff schedules, senior vs newbie communication, department budgets, etc. Kerbs defines some of the office rules as the following
“Other Conti departments with their own distinct budgets, staff schedules, and senior leadership include:
–Coders: Programmers hired to write malicious code, integrate disparate technologies
–Testers: Workers in charge of testing Conti malware against security tools and obfuscating it
–Administrators: Workers tasked with setting up, tearing down servers, other attack infrastructure
–Reverse Engineers: Those who can disassemble computer code, study it, find vulnerabilities or weaknesses
–Penetration Testers/Hackers: Those on the front lines battling against corporate security teams to steal data, and plant ransomware.”
Check out Kerb’s post (Part 1 found HERE) along with Part 2 found HERE.