Russian-Supporting Ransomware Gang Member Leaks Group’s Chats

The Conti ransomware gang publicly declared its support for Russia, but probably didn't expect immediate mutiny from members.
Aaron Drapkin

Chat logs belonging to the infamous Conti ransomware gang – which recently declared its support for Russia in the wake of the country’s invasion of Ukraine – have been leaked.

The conflict has already seen a number of prominent hacking and ransomware groups declare support for both sides, as well as the creation of a 200,000 strong Ukrainian IT Army.

The explosion of cyber-attacks that have taken place since the Russian invasion is a grim reminder to businesses that now is the time to review, update cybersecurity protocols and install software that will help to fend off attacks.

Conti’s Support for Russia Comes at a Price

The Conti Ransomware gang – which has collected $25.5 million in payouts from victims between July-November of 2021 – was one of the first hacking groups to throw its hat into the ring with vocal support for Russia.

The group is known for targeting the US industrial sector and a devastating attack on Ireland’s healthcare system which could end up costing the country $100 million to fix. 

“If anybody decides to organize a cyberattack or any war activities against Russia” the group announced in a message last Friday, “we are going to use our all possible resources to strike back at the critical infrastructure of the enemy”. 

It now appears, however, that not everyone in the group was prepared to toe the party line. An apparent insider has leaked reams over 340 separate files that date back as far as January 2021, some of which include addresses gang members used to receive cryptocurrency payments and records of negotiations with victims.

An apparent Conti insider has leaked reams over 340 separate files that date back as far as January 2021, some of which include addresses gang members used to receive cyrptocurrency payments.

“Glory to Ukraine” read the final line of an email containing the chat logs, which were sent round to a number of journalists after being stolen.

As a result of the leak, the Conti group changed their initial message declaring support for Russia to one with a slightly more neutral tone, one that goes into more depth about why they’re supporting Russia and even includes a condemnation of the war.

Hackers and Threat Actors Choose Their Side

As the Russian tanks rolled across Ukraine’s border last week, the digital dimension of the conflict – which had begun long beforehand – took on a life of its own.

The conflict has caused a split in the cybercrime underworld, a place where hacking groups usually work side-by-side, concerned largely with targeting large businesses and government entities, rather than fighting for political causes.

Along with Conti, a Belarusian group known as “UNC1151” – which is thought to include military officials – vocalized their support for Russia. The group is thought to be responsible for cyberattacks on the Ukrainian government website back in January and spread phishing domains across Facebook. 

Other groups that have thrown their support behind Russia include SandWorm, which also has military links (Russian this time) and became known for targeting WatchGuard Firebox Firewalls, and The Red Bandits, who have been targeting Ukrainian infrastructure on behalf of the Russian government for years now and orchestrated the first-ever cyber attack to both cause a blackout and effect electrical disruptions remotely.  

Ukraine – which doesn’t have a dedicated cyber force nor a slew of quasi-military hacking groups to rush to their aid – has not had too much trouble pooling support. A volunteer cyber army – which is now said to be 200,000 strong – has already had some success taking down Russian government web pages.

Anonymous, thought by many to be the world’s largest hacking group, publicly declared war on the Russian government last weekend and took down Russia Today’s website shortly afterward.

GNG – an anonymous-affiliated group that recently hacked Russia’s Sberbank – and another hacking group called NB65 have declared they’re fighting for Ukraine.

A group known as KelvinSecurity is also supporting Ukraine. “I want to release this to support the digital war against RUSSIA” a member of the group said in a text message. “I have a list of weapons development documents that I took from a Russian ballistic institute and I also have internal videos from RT, and the Russian nuclear institute.”

AgainstTheWest – a hacking group linked to Chinese government data breaches – has also taken Ukraine’s side, as have the Belarusian Cyber Partisans, the latter of which has already attacked Belarusian railway infrastructure since Russia’s invasion of Ukrainian territory.

Protecting Your Business From Cyber Attacks

As Tech.co reported just days ago, the cyber war being waged between Russia and Ukraine has risks for businesses and individuals beyond the conflict zone.

Businesses in the US and beyond need to ensure their software is up to date, but also that they have the right software to stop malware, ransomware, and other types of malicious files in their tracks.

At the moment, all eyes are on Ukraine as Russia continues its unjustified assault of the country. But it's unlikely to be long before hacking groups involved in the conflict look westwards to see what havoc they can wreak elsewhere.

This article was last updated on:
Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Aaron Drapkin is a Senior Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol three years ago. As a writer, Aaron takes a special interest in VPNs and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, The Week, and Politics.co.uk covering a wide range of topics.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals