Russian ransomware hackers pledge support to Putin and immediately have secret chats exposed by Ukrainian leaker

‘F*** the Russian government’, the leaker said in their message. ‘Glory to Ukraine!’

Adam Smith
Tuesday 01 March 2022 11:05 GMT


A ransomware cabal that pledged support for Russia’s invasion of Ukraine has been hacked.

A cache of chat logs belonging to the Conti ransomware gang was leaked online by an insider who objected to the group's support for Vladimir Putin.

"Fuck the Russian government”, the leaker said in their message. “Glory to Ukraine!"

The leak, shared with the malware research group VX-Underground, contained around 400 files holding tens of thousands of chat messages in Russian dating back to January 2021; the group only formed in mid-2020.

The gang provides ransomware-as-a-service, letting affiliates pay for access to its malware and attack infrastructure. Estimates suggest the group has received over $30 million in ransom payments to date. Reportedly, the chat logs contain Bitcoin addresses and records of payments made to the gang.
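Anyone triaging a leak like this wants to pull the wallet addresses out of the chat text and separate real ones from copy-paste garbage before touching a blockchain explorer. The script below is an added example written for this article, not code from the leak, from VX-Underground or from any of the researchers named here. It scans a few constructed chat lines (not real Conti messages) for legacy Base58 Bitcoin address candidates and keeps only those whose Base58Check checksum verifies; the one genuine address used is the well-known genesis block address, and the second candidate is that address with its final character altered, so it must fail the checksum. Newer bech32 addresses (starting "bc1") are out of scope for this example.

```python
"""Extract and validate legacy Bitcoin addresses from leaked chat text.

Added example for illustration; the sample log lines are constructed, not
taken from the Conti leak. Handles P2PKH ("1...") and P2SH ("3...") Base58Check
addresses; bech32 ("bc1...") addresses are deliberately not handled here.
"""
import hashlib
import re

# Base58 alphabet used by Bitcoin (no 0, O, I, l).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# A candidate is a word starting with 1 or 3 followed by 25-34 Base58 characters.
ADDR_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")

# Constructed sample chat lines (not from the real leak). Line 1 carries the
# genesis block address; line 2 is the same address with the last character
# changed, so its checksum cannot verify; line 4 has a token too short to match.
SAMPLE_LOG = """\
2021-03-02 14:11:03 target paid, wallet 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
2021-03-02 14:12:40 check this one too 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb
2021-03-03 09:00:12 waiting on the 0.5 from yesterday
2021-03-03 09:01:55 random token 1Ab3 is not an address
"""


def b58decode(s: str) -> bytes:
    """Decode a Base58 string to bytes; each leading '1' is a leading 0x00 byte."""
    n = 0
    for ch in s:
        n = n * 58 + B58_ALPHABET.index(ch)  # ValueError on a non-Base58 char
    leading_zeros = len(s) - len(s.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * leading_zeros + body


def is_valid_legacy_address(addr: str) -> bool:
    """True if addr decodes to version || hash160 || checksum with a good checksum."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    # 1 version byte + 20-byte hash160 + 4-byte checksum; mainnet versions 0x00 (P2PKH), 0x05 (P2SH).
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):
        return False
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def extract_addresses(text: str):
    """Return (valid, rejected): de-duplicated candidates split by checksum result."""
    valid, rejected = [], []
    for match in ADDR_RE.finditer(text):
        candidate = match.group(0)
        bucket = valid if is_valid_legacy_address(candidate) else rejected
        if candidate not in bucket:
            bucket.append(candidate)
    return valid, rejected


if __name__ == "__main__":
    good, bad = extract_addresses(SAMPLE_LOG)
    print("checksum OK:  ", good)
    print("checksum FAIL:", bad)
```

The regex alone would accept both candidates on lines 1 and 2; only the double-SHA-256 checksum check tells them apart, which is why it belongs in the pipeline before any address is looked up or attributed to the gang.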

It is also possible that the group has ties to Russian intelligence, with some reports suggesting the chat logs point to a chain of command between the group and Russian agencies.

On 25 February, the group shared a message saying that it had “full support” for Mr Putin.

"If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy," the Conti blog post read.

Two days later, the group posted another message in which it claimed to condemn the war but said it would still stand behind its home country.

“The Conti Team is officially announcing that we will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world”, they wrote.

“We do not ally with any government and we condemn the ongoing war. However, since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the well being and safety of peaceful citizens will be at stake due to American cyber aggression.”

The Conti ransomware team did not respond to a request for comment from The Independent before time of publication.

It is not clear who leaked the messages, as their identity has not been revealed, but Alex Holden, founder of cybersecurity company Hold Security and himself Ukrainian, said the logs had been leaked by a “Ukrainian citizen, a legitimate cybersecurity researcher, who is doing this as part of his war against cybercriminals who support the Russian invasion”.

The leak could be a severe blow to the ransomware group, “not least because their affiliates and other associates will have lost confidence in the operation,” Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch.

“They’ll undoubtedly be wondering when the operation was compromised, whether law enforcement was involved and whether there are any breadcrumbs which could lead to them.”

While Conti supports Russia, other hacking collectives have lined up behind Ukraine. These include members of Anonymous and a group called the Cyber Partisans, which encrypted data belonging to parts of the Belarusian rail network.

Ukraine has also been bolstered by a volunteer ‘IT Army’, which gained around 230,000 subscribers in the days after it was launched at the urging of members of the Ukrainian government.

There could, however, be deep ramifications and unforeseen knock-on effects from encouraging ordinary citizens to take part in cyber warfare, especially as common attacks such as Distributed Denial of Service (DDoS), which floods websites with traffic to make them unusable, have become more easily accessible over time.
