Lessons Learned from Conti leaks
Updated: Apr 22
A leak of internal chats from the Russia-based Conti ransomware gang has started a new debate. The massive leak from inside the group has given cyber researchers a clearer picture of cybercriminal motives. It has also made evident that the Russia-Ukraine war has divided the criminals who work for ransomware operations.
Some of the lessons that cyber researchers can learn are:
Hacking computers for ransomware groups is a boring job
One of the most common observations about the chat leaks is that ransomware hacking is boring, much like any desk job. Middle managers assign tasks, and salaries are paid twice a month. Some managers get angry when workers go offline for several hours. Hackers use one-word handles and conceal their real names, but the chat was mostly about routine tasks, like that of everyday office workers. Much of it was chitchat: talk of illness, personal matters and family.
Low-level salaries are not so attractive
Conti hackers on the lower rungs make $1,500 to $2,000 monthly, and they are not entitled to a single penny of the larger ransoms. Although that amount is good for Russian residents, higher-level hackers with expertise enjoy luxuries like driving Lamborghinis and keeping tiger cubs as pets.
Top-level hackers are making quite a good amount
Chainalysis estimated Conti's income in 2021 at about $180 million, but that estimate is based on recorded attacks; counting the attacks that go unnoticed, the figure may be much higher. A separate calculation by BreachQuest, based on the leaked records, indicates that the ransomware group pays about $6 million in salaries and other expenses, a minimal amount compared to the gang's earnings.
Heartless attacks are avoided
Conti announced that it avoids attacking critical targets like hospitals and airports, where an attack could result in substantial loss of life. The claim was suspect, since Conti was behind the attack on the Irish health care system that caused losses of $600 million. However, the chat leak shows a manager forbidding workers from targeting hospitals. One worker was even fired for disobeying, on the grounds that he was harming Conti's reputation.
There is no honor amongst thieves
A report on the chat leak by ReadMe stated that a manager using the handle Dollar had ordered an attack on a hospital in chat. A hacker named Stern replied that he doesn't do locks, but after some time he sent the manager an encrypted series of numbers representing a 20 percent share.
Conti supports Putin
The chat leaks make clear that the gang sympathizes with Russia over its invasion of Ukraine. Members repeat Putin's false accusations as fact, such as his claim that Ukraine is run by a "neo-Nazi junta" and the false narrative that Ukraine is trying to obtain nuclear weapons. The gang was also found sharing news of Russia's successes in the war.
Other gangs are doing better in politics
Other cyber gangs, such as LockBit, have also commented on the Russian invasion, but their statements were comparatively neutral.
Law enforcement agencies are working on chat leaks
The chat leaks have helped researchers understand the internal workings of ransomware gangs. They can also help law enforcement agencies identify the criminals and open legal investigations against them.
What makes the gang so careless?
In ransomware attacks the gang encrypts the target's data or systems and demands a ransom for decryption. Yet a significant part of the leaked chat was unencrypted. Only some of the gang members were using an add-on for encryption.
Conti is still working
After the chat leak it was assumed that the gang had stopped operating, but it was found fully functional again on March 17.
We can help!
Are you looking for ongoing advisory services to help identify vulnerabilities, define the security policies that should be in place, and improve your security posture? The team at Inception Security™ has been engaged to enhance the security posture of Fortune 100 companies as well as small and medium-sized businesses. Our team has deep knowledge of the cybersecurity industry and can provide value to your business right away.
Contact Inception Security if your company is looking for advisory services.