Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

Disgruntled Member of 'Conti' Ransomware Gang Leaks Files (nbcnews.com) 40

"Someone claiming to work with one of the most notorious ransomware gangs says they're fed up with how extortion money is divvied up and has leaked a host of the gang's files on a hacker forum," reports NBC News: The files, posted to a forum frequented by Russian-speaking cybercriminals and reviewed by NBC News, include numerous instruction manuals allegedly belonging to Conti, a Russian-speaking hacker group that has attacked several hospitals, including health care chains in the U.S., and Ireland's national system, the Health Service Executive... The leak appears authentic, said Allan Liska, a ransomware analyst at the cybersecurity company Recorded Future, as it describes the attacks as coming from the same servers that his company already tracked as Conti. Some of the files show IP addresses Conti used for Cobalt Strike attacks, which Recorded Future had seen before...

The leak shows how much of Conti's operations are apparently contracted out from principal gang members to affiliate hackers, a relationship that can grow sour. "What's interesting to me about this is how much of it is scripted," Liska said...

In their post leaking the files, the user, whose role in Conti's operation has been to find vulnerabilities in potential victims' networks, complained that those at the top of the gang took too large a percentage of the extortion money. "They recruit suckers and divide the money among themselves," the user posted in Russian.

This discussion has been archived. No new comments can be posted.

Disgruntled Member of 'Conti' Ransomware Gang Leaks Files

Comments Filter:
  • by Viol8 ( 599362 ) on Monday August 09, 2021 @06:13AM (#61671721) Homepage

    Who knew?

    Maybe the next one will leak some names and/or addresses too and they can be rounded up though I won't hold my breath as that might be a fatal act in russia.

    • by SkonkersBeDonkers ( 6780818 ) on Monday August 09, 2021 @06:21AM (#61671729)

      The only people that will ever leak are the useful idiots recruited from amongst morons with criminal leanings.

      The controllers are either Russian mafia or Russian gov't (I know the distinction is difficult to make at times) and they aren't stupid enough to let anyone else get hold of their identities.

      Aside, it's not entirely impossible that even this leak is some kind of plan.

      • Not only that. (Score:5, Interesting)

        by Gravis Zero ( 934156 ) on Monday August 09, 2021 @07:36AM (#61671837)

        It's also possible that someone (say the NSA) hacked them and by sowing distrust they aim to break up the organization for a more long-term effect.

        • More likely Mrs. Roberts though. :)

        • It's also possible that someone (say the NSA) hacked them and by sowing distrust they aim to break up the organization for a more long-term effect.

          It's also possible that this is the work of Doctor Fauci or Hillary Clinton.

          • by Anonymous Coward
            can't tell if sarcasm or really bat shit crazy
            • Dr. Fauci has The Science and Hillary Clinton has that cloth that wipes servers clean. They could do it.
            • can't tell if sarcasm or really bat shit crazy

              A little bit of both.

              The other crazy part is that it could be believed by some people today.

        • It's also possible that someone (say the NSA) hacked them and by sowing distrust they aim to break up the organization for a more long-term effect.

          Which is exactly the sort of thing I’d want the NSA to be doing in this case.

      • The controllers are either Russian mafia or Russian gov't (I know the distinction is difficult to make at times)

        The Vory: Russia's Super Mafia [amazon.com] -- Mark Galeotti .

        Mark Galeotti is the go-to expert on organized crime in Russia, consulted by governments and police around the world. Now, Western readers can explore the fascinating history of the vory v zakone, a group that has survived and thrived amid the changes brought on by Stalinism, the Cold War, the Afghan War, and the end of the Soviet experiment.

        The vory—as the Russian mafia is also known—was born early in the twentieth century, largely in the Gul

    • by v1 ( 525388 )

      complained that those at the top of the gang took too large a percentage of the extortion money

      Looks like someone forget to read up on how there's "no honor among thieves". Thieves steal from everyone, including other thieves. This will never change.

      I wonder what the biggest reason for so many of them being based in Russia is though... lax laws? crime syndicates? easy to bribe the law? maybe even government sanctioned? (it DOES bring money into the country)

      • I wonder what the biggest reason for so many of them being based in Russia is though

        They have less competition with the government than in the US.

      • by CrappySnackPlane ( 7852536 ) on Monday August 09, 2021 @08:05AM (#61671903)

        I wonder what the biggest reason for so many of them being based in Russia is though...

        To put it simply, Russia is baby bear. First-world enough for many to grow up with computers and internet and spare time to really get into the nitty-gritty of both; yet not quite first-world enough to impart a sense of economic security or faith in "the system" of law-abiding citizens. Close enough to the West to develop an innate sense of its culture and psychology, but separate enough that western Europe and America are "the other". The government is "legitimate" enough to have a seat at the UN and be recognized as a power by other countries, form trade routes and whatnot - but definitely corrupt enough that there's plenty of unofficially-officially sanctioned petty crime.

        • by Zontar_Thing_From_Ve ( 949321 ) on Monday August 09, 2021 @10:26AM (#61672259)

          I wonder what the biggest reason for so many of them being based in Russia is though...

          To put it simply, Russia is baby bear. First-world enough for many to grow up with computers and internet and spare time to really get into the nitty-gritty of both; yet not quite first-world enough to impart a sense of economic security or faith in "the system" of law-abiding citizens. Close enough to the West to develop an innate sense of its culture and psychology, but separate enough that western Europe and America are "the other". The government is "legitimate" enough to have a seat at the UN and be recognized as a power by other countries, form trade routes and whatnot - but definitely corrupt enough that there's plenty of unofficially-officially sanctioned petty crime.

          Here's what you need to know about dealing with Russians. It's a sweeping generalization so of course some people won't be like this, but in general it's true for most you will meet. I speak Russian well and spent a good deal of time in the early 2000s around Russians so here's my take.

          The Soviet Union ruined these people, maybe forever, in terms of having a moral center. The Soviet Union and the successor governments are completely corrupt, so this has led to people basically thinking that following the rules is for suckers. The Baltic States are basically the only former USSR territories that don't still operate on payoffs and bribes and they had their own issues with that but they resolved them years ago.

          What people generally miss and it's key to understanding Russians, is that they have s short term outlook to the extreme. In a hypothetical example, imagine a rich guy gives Ivan a choice - he can have $100 now or he can wait exactly one week from now and get $10000. No catch - less money now, more money later. One or the other. I would expect almost all Russians to take the $100 offer because they will think "I may be dead one week from now". Russians, even in the government, will do things that make no sense because they have no long term outlook, so they really don't care if some action completely blows up on them months or a few years down the road.

          The other thing you need to know about dealing with them, and it doesn't really apply here but it's good to know, is that generally they have no concept at all of "win-win" scenarios. Not any. So if you ask a Russian to negotiate, they will look at giving in on any point, even just one, as a complete loss of the negotiations. Trump's inability to recognize this was a huge problem in dealing with Putin. Putin won't want to make deals on anything unless he gets everything he wants and you get nothing and/or he comes out of it with his prestige lifted a lot and yours diminished a lot. So really, there are no deals to be made with the Putin government. We just have to hope he doesn't push his military too far in the anti-US and anti-EU direction and that maybe his eventual successor will integrate Russia more fully into the west.

          • by Jzanu ( 668651 ) on Monday August 09, 2021 @11:01AM (#61672403)
            Your post is a good description of what Russia became. I should like to point out that the satellites of East Germany and Poland have also succeeded in removing the vestige of institutional corruption inherited from the Soviet alliance-domination. And to offer some experiential explanation for what caused the short-term view to be an obsession. In the poorer regions such things as food and clothing were hard to find, and the requirements of daily living pushed out self-awareness. Imagine North Korea much larger, but still as poor with the same militarism and deification of soldiering; then add with even more delusion because the cultural history had been warped to externalize all threats despite their origin in the lack of supplies.
          • What you're describing is standard third world mentality. I know that the whole "first, second, third world" nomenclature is out of vogue, but it's really quite accurate, and the short-term focus you're describing is typical in places here there's virtually zero security about the future ie. every third world country in existence. Why plan? Why stop drinking vodka? I could be dead next week.

            Russia is, and always was, a third world country that managed to bring their economy up to second world standards
            • Third world countries do not exist anymore - since 30 years.
              Russia used to be a second world country till roughly 1970.
              In our days it is a first world country.

              Has nothi g real to do with governmeny but standard of living.

              • Russia a first world country? Youre gonna have to cough up some proof on that one. The BRICS are second world, at best.
                • Then USA is third world, too ...
                  Perhaps you have a weird idea what first world means:
                  - health insurance
                  - schools
                  - police
                  - universities
                  - working energy grid
                  - working internet
                  - working water pipes

                  etc. p.p.

                  When was the last time a "forrest fire" destroyed a town in Russia?

              • That's the dream, isn't it? Even from the time of the Tsars.

          • I worked at a company with a Russian emigree who was a co-owner and I worked on his side of the company.

            He basically ruined the company with what amounted to Soviet style thinking. Meetings were like Politburo sessions -- you listened to him talk for about 45 minutes, and then the meeting was over. There was no "meeting" in the conventional sense.

            Negotiating anything with him was as you describe -- it was ALWAYS a zero sum game. I'm not even talking about just "significant" negotiations -- pretty much an

            • "...fed him bullshit and kept him in the dark."

              Interesting. Mushroom Management usually goes in the opposite direction.

              • Most of us worked nearly full time at client locations, so he was unable to truly "oversee" what we did.

                Attempts at that came later, with time-consuming "reporting" requirements on customer status. This got mostly avoided because customers (once it was explained to them) didn't see any value in losing 2 hours of billable engineering time on reports they didn't want.

        • In Soviet Russia, bear babies you!
      • >

        I wonder what the biggest reason for so many of them being based in Russia is though... lax laws? crime syndicates? easy to bribe the law? maybe even government sanctioned? (it DOES bring money into the country)

        That might be target bias. It seems like so many in Russia, because the US is a big target.

        Apparently an easy one as well.

      • > I wonder what the biggest reason for so many of them being based in Russia is though... lax laws? crime syndicates? easy to bribe the law? maybe even government sanctioned? (it DOES bring money into the country)

        Weak rule of law, high level of organized crime and corruption, and very likely operating at the nexus of official government state security and organized crime, and the fact that targeting non-Russian interests is inherently useful to the Russian government.

        I doubt the financial return from ran

    • by DamnOregonian ( 963763 ) on Monday August 09, 2021 @07:42AM (#61671849)

      "They recruit suckers and divide the money among themselves,"

      Oh, for a second I thought they were talking about American businesses.

      • by Anonymous Coward
        Any businesses, not only American!
    • Are we about to see an era of metaransomware?

    • Anyone who believes this was a "disgruntled" associate is fooling themselves in the end. The reality is someone, the US / UK / some other Western country, caught up with someone and actually did something similar to the "drug them, then hit them with a wrench" detailed in the XKCD comic. If you look a few weeks ago, or possibly a few weeks from now, there will be an "accidental" death, disappearance, or random street violence. That person, if connected to the ransomware gang, is the one who gave up the good
    • by jellomizer ( 103300 ) on Monday August 09, 2021 @09:57AM (#61672175)

      The general issue with any Black market activities (From Organized Crime, to selling raw milk) is the lack of protection for anyone from the boss to the workers to the customer.

      While Mob Movies often show the Mob Leaders treating their employees like family (which is often in contrast to the people working honest jobs) it is more often a case like an abusive family relationship where fear drives obedience. And that promised exciting world becomes a humdrum activities, and sucking up to the boss hopping he would reward you at some point. Which rarely ever happens.

  • ... until gang members have to train their H-1B replacements.

  • by Fuzi719 ( 1107665 ) on Monday August 09, 2021 @09:51AM (#61672151)
    "They recruit suckers and divide the money among themselves,"

    So, it's Uber/Lyft/Doordash.
  • Yep, this sounds about how these gangs always end.
  • by jellomizer ( 103300 ) on Monday August 09, 2021 @10:03AM (#61672191)

    I do find it really sad, that this guys motivation was because he wasn't getting enough money out of the deal, vs realizing that he was hurting innocent people, such as attacks on healthcare institutions.

  • While all countries bear responsibility to enforce online crimes like extortion, much of this does seem to originate in Russia. I hope they spend more time to using this information to lock up these bad guys, instead of trying to control what their citizens say on their "Internet".
  • Considering how devoid of humanity these cybercriminals are (attacking hospitals, for fuck's sake!) I'm sure they'll hunt down whoever this is and kill him/her in the most drawn out, painful, horrifying way possible.
    Is this really my own species doing shit like this?
    It's no wonder to me that starfaring alien civilizations, if they exist, would hide from us. :-(

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...