UPDATED 22:14 EDT / MARCH 10 2022

SECURITY

Leaked correspondence and files expose infamous Conti ransomware gang

An unknown member of the infamous Conti ransomware gang has been leaking the gang’s internal documentation after the group came out in support of Russia’s invasion of Ukraine.

The leaks started in late February, in the days following the Russian invasion, with the leaker making it very clear that he or she was doing so in support of Ukraine. Conti first emerged in 2020 and has quickly become one of the most prolific ransomware groups. It’s believed to have extorted $180 million from victims.

Previous Conti victims include Ireland’s health service, Advantech Co. Ltd., voice-over-internet-protocol hardware and software maker Sangoma Technologies Corp., hospitals in Florida and Texas, Tesla Inc. and Apple Inc. supplier Delta Electronics Inc. in January and kitchenware maker Meyer Corp. U.S. in February.

Dubbed the “Panama Papers of ransomware” by John Fokker, the head of investigations at Trellix, the leaked material offers a rare insight into the workings and activities of a major ransomware gang. The leaked files include chat logs, details of the gang’s infrastructure and the economics of how it operates. Notably, some of the correspondence shows that Conti has links to the Kremlin and the Russian government.

As detailed Wednesday by researchers at BreachQuest Inc., the leaks show Conti to be a multilayered organization that operates like a company, hiring and even firing contractors and salaried employees alike. That analysis includes a detailed Conti organization chart showing the various people involved in the gang, starting from Stern, “the big boss,” at the top of the group.

Apparently, hiring for a criminal ransomware gang isn’t that easy, despite the large amounts of money involved.

“Conti understands that the turnover ratio of workers is also very high due to the fact that they are running a criminal organization,” the BreachQuest researchers noted. “The Conti group has an HR/Recruiter that assists with the continual finding and recruitment of new candidates.”

Conti’s overhead costs were also detailed, as was what the gang calls “Project Blockchain,” an effort to create its own “altcoin” or form of cryptocurrency. Also documented were operational details, such as how Conti compromises sites, escalates attacks and receives payment, along with the various tools the gang uses to spy on and compromise victims.

“The leaks reveal Conti’s arsenal and their mindset,” the researchers at BreachQuest said. They added that they “believe that many offspring or splinter ransomware groups will appear as this level of knowledge and insight that has never before been shared.”
