The files expose the group's organizational structure and clues about the techniques used to stay ahead of police, which represents valuable intelligence. While conversations and negotiations with hackers have leaked before, few have matched the Conti trove's scale and detail. It offers an unprecedented, behind-the-scenes look into a group that used phony email attachments, stolen passwords and phone calls to bilk more than $200 million from its victims last year, the cryptocurrency-tracking firm Chainalysis Inc. Multiple security experts confirmed the trove was legitimate. They offered different theories on how Conti's files were made public, with some suggesting a leak by a Ukrainian member of the gang or perhaps a researcher with inside access. Conti is both a type of ransomware and the name of the group behind it. It was first observed in 2020 and uses the "ransomware-as-a-service" model, in which new groups of hackers lease malicious software to "affiliates" in exchange for a cut of the proceeds. It is known for ruthlessness, targeting hospitals during the COVID-19 epidemic and crippling Ireland's healthcare system last year. The hacking group used front companies to contact sales representatives from legitimate security vendors Sophos and Carbon Black to obtain samples of antivirus software offerings, documents show. By testing malware against widely used security tools, Conti could find weak spots in the technology to circumvent popular cyber products, said Dave Kennedy, co-founder of the security firm TrustedSec, who has been tracking Conti for years. "We've spent countless hours researching this group and where they're from," he said. "This leak provides a lot of data on how they run operations, so we can improve our own defenses and figure out how they would operate. It's pretty awesome."

Carbon Black didn't respond to a request for comment. In response to a request for comment, a Sophos representative said in an email that the company had flagged the Conti account as suspicious when hackers tried purchasing Sophos software, and the group abandoned the transaction. The logs also show how Conti and its affiliates would infiltrate multiple companies each week, trading ideas on the best ruses to get victims to pay. Targets were frequently small- and medium-sized firms, or organizations in the developing world, he said. In one leaked conversation, hackers debated whether to send a ransomware victim a sample of stolen data in order to prove they breached the company.

The data contains details on specific hacking campaigns, Bitcoin wallets used by the gang and ruminations on the future of cryptocurrency as a tool for money laundering. In one chat message, a member of Conti expressed fury that someone associated with their group had targeted a website inside Russia ("Such d-heads," this person called colleagues). Another detailed an attempted hack on a contributor to an investigative journalism outlet probing the suspected poisoning of a prominent Kremlin critic ("Bro don't forget about Navalny"). The files also divulged the organized-crime equivalent of proprietary secrets: particulars on the gang's use of specific malware tools and insights on their negotiation techniques. Taken together, experts told Bloomberg News, the Conti leak may have done more to expose its members and undermine its methods than investigations by law enforcement and security firms.