Conti, the Russian Ransomware Syndicate, Is Harmed by Leaks in the Midst of the Ukraine Conflict


CNBC reported, citing threat intelligence companies, that Conti, the Russian ransomware syndicate that the FBI considers among the most notorious ransomware groups of last year, has been damaged by leaks that include its ransomware source code as well as the size and other details of its business activities.

Conti was founded in 2020, according to Cyberint security researcher Shmuel Gihon, and has grown to over 350 members who have amassed $2.7 billion in crypto. Gihon confirmed that “they were the most successful group up until this moment.”

Cyberint stated in an online post that the leaks seemed to be a form of retribution for Conti’s backing of Russia’s attack on Ukraine. Conti could very well have stayed neutral, but “as we suspected, Conti chose to side with Russia, and this is where it all went south,” said the post. The leaks started coming out just 4 days after Russia’s invasion of Ukraine began.

According to CNBC, someone created an anonymous Twitter profile and began exposing countless internal group conversations together with pro-Ukrainian sentiments. It appears that the anonymous individual is done, seeing as their last post on Twitter was dated March 30th and contained the following message: “my last words… See you all after our victory! Glory to Ukraine!”

Gihon stressed the magnitude of the impact, noting that several of his international peers have spent months looking over the records. According to Cyberint, Check Point, and other experts, the messages demonstrate that Conti functions and is structured similarly to a typical technology firm, with distinct management, finance, and human resource operations, as well as team leaders reporting to higher-ups in the management chain.

Additionally, the messages indicated that Conti maintains physical facilities in Russia and could have connections to the Russian government, according to Cyberint. CNBC reached out to the Russian embassy in London for a response but heard nothing back. Moscow has previously denied involvement in any form of cyberattacks or threats.

Although this organization has been hacked, Check Point Research believes it will likely resurface, noting that it is still mostly operational.