It almost felt like Christmas came early in a winter of despair.
As noted yesterday, a Conti member who appears furious with the group for its statement supporting Russia started dumping Conti's internal records with a statement ending, “Glory to Ukraine!”
The leak was first reported on Twitter by VX-Underground:
Conti ransomware group previously put out a message siding with the Russian government.
Today a Conti member has begun leaking data with the message “Fuck the Russian government, Glory to Ukraine!”
You can download the leaked Conti data here: https://t.co/BDzHQU5mgw pic.twitter.com/AL7BXnihza
— vx-underground (@vxunderground) February 27, 2022
Since the data were provided, researchers have been poring over them and sharing some of their findings on Twitter. Here are some bits and pieces:
@luc4m reported:
Unique onion URLs at https://pastebin.com/ajYqMpvf
Number of chats by username: https://pastebin.com/5HyLqQBt
@vxunderground reported:
The Conti ransomware leaks have unveiled Conti’s primary Bitcoin address.
From April 21st, 2017 – February 28th, 2022 Conti has received 65,498.197 BTC
That is 2,707,466,220.29 USD.
@BrettCallow reported finding a chat where one party told the other: “There is a journalist who will help intimidate them for 5% of the payout.”
And that was just yesterday’s leak… there has been more data leaked today to go through.
Update: A subsequent tweet by @JBurnsKoven challenged the amount of ransom payments reported by @vxunderground:
We have tracked nearly $200 million in ransom payments received by Conti by the end of 2021. We’re not seeing indications from the #contileaks that proceeds are into the billions as has been suggested. pic.twitter.com/QJXoCKezQu
— J. Burns Koven (@JBurnsKoven) March 1, 2022
Expect more discussion on that issue, too.