Catalin Cimpanu reports:
A member of the Conti ransomware group, believed to be Ukrainian of origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on their official site, on Friday, in the aftermath of Russia’s invasion of Ukraine.
The message appears to have rubbed Conti’s Ukrainian members the wrong way, and one of them has hacked the gang’s internal Jabber/XMPP server. Internal logs were leaked earlier today via an email sent to multiple journalists and security researchers.
Read more at The Record.
When Conti posted their warning message on Friday, I wondered how their non-Russian members or affiliates might feel about the strong support for Russia. Now we have an answer of sorts. The leaker says there will be more leaks. VX-Underground posted a copy of their message on Twitter:
There are a number of reasons for ransomware operators and affiliates to oppose any politicizing of ransomware operations. For one, it defeats the image that the group is just commercial in nature. Second, it risks putting the group on a banned list which will make them less likely to be paid. And third, it creates internal dissent and bad will as the members may come from different countries and political systems.
After observing the reaction to Conti’s warning, LockBit issued its own statement today affirming that it is not political and will never attack a country’s infrastructure.