Analysis of leaked Conti files blows lid off ransomware gang

It was a Ukrainian security specialist who apparently turned the tables on the notorious Russia-based Conti, and leaked the ransomware gang's source code, chat logs, and tons of other sensitive data about the gang's operations, tools, and costs.  Since then, infosec researchers around the globe have been wading through this …

  1. elDog

    Check out Brian Krebs' excellent multi-part discussion on Conti

    https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/

    He's been a fierce opponent (and target) of these criminal groups.

    Mostly operating from Russia but sometimes masquerading as being Ukrainian ops. (Can't imagine why this would be so.)

    1. Pascal Monett Silver badge

      Re: Check out Brian Krebs' excellent multi-part discussion on Conti

      A very interesting read. Thank you for that link.

    2. Anonymous Coward

      Re: Check out Brian Krebs' excellent multi-part discussion on Conti

      - and all other parts of this... 'saga', from 'Day in the office', right to the last (for now) piece, published on Monday.

  2. YetAnotherJoeBlow

    Will people learn?

    Like most cyber crooks, if businesses kept their kit patched, Conti would be out of luck.

    1. ShadowSystems

      Re: Will people learn?

      You have to cut them some slack. You can harden your stuff to be as secure & resilient as possible, but it amounts to SFA if the underlying OS is so full of security issues that you've built your castle on quicksand.

      I feel the urge to embed the Youtube video clip of the Monty Python father explaining to his son about having built multiple castles on the same bit of land, the first two sinking into the swamp, but that this third/current one will surely last.

      Yes enterprise customers have more options than mere consumer customers, but there's only so much you can do to plug all the holes while MS seems to take great delight in racing around the bottom of the boat with a nuclear-powered ice pick...

      1. Potemkine! Silver badge

        Re: Will people learn?

        while MS seems to take great delight in racing around the bottom of the boat with a nuclear-powered ice pick

        OS vulnerabilities are not limited to MS only.

        https://nvd.nist.gov/vuln/detail/CVE-2022-0847

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23036

        https://ubuntu.com/security/notices/USN-5317-1

        https://www.suse.com/support/update/announcement/2022/suse-su-20220755-1/

        https://access.redhat.com/errata/RHSA-2022:0777

        ....

        Complacency has no place in cybersecurity.

        1. trindflo Silver badge

          Complacency and nuclear-powered ice picks

          +1 because you're both right.

          To the ice pick, as an ignorant peasant looking from afar it seems that changing things for the sake of changing them has been an integral part of Microsoft's business plan. As a market leader, you can impose costs and delays on your competitors if you keep changing the target.

          I think that has changed of late and the new tactic seems to be if you let Microsoft manage your computer, they will take care of you as best they can, but your computer then belongs to them.

          1. SImon Hobson Silver badge

            Re: Complacency and nuclear-powered ice picks

            it seems that changing things for the sake of changing them has been an integral part of Microsoft's business plan

            Correct - that's been part of their plan for many years, making things a moving target and routinely breaking any competitor's products (along with their own from time to time).

            if you let Microsoft manage your computer, they will take care of you as best they can, but your computer then belongs to them

            I'm not so sure of "as best they can", but essentially correct. It's another facet of the first bit - making it ever harder to use anything but a fully MS ecosystem. MS stuff (taking care with my words here) "isn't always the best" for any particular task - but they've been masters of applying lipstick and making it all sort of work together in a way that makes it really hard for any competitors to get a foothold.

            There was a danger point for them a few years back when governments and other public bodies were starting to realise the risk and started putting "open standard" as a clause into procurement contracts. As an idea it worked, if your documents are in an open standard format then you can read them with someone else's software. Naturally MS recognised the danger of this, and spent a considerable amount of money buying national standards body votes to pass its "called open, called standard, but is neither open nor a standard" standard so they could tick the boxes.

            1. Mike 137 Silver badge

              Re: Complacency and nuclear-powered ice picks

              "changing things for the sake of changing them"

              This is endemic to the industry as a whole - not just MS, and even infects 'open source'. It's almost three decades since the generality was annual new version releases - now it's a constant stream of tweaks (e.g. the 6 week cycle of Firefox). The big problem is that at that 'upgrade' rate it's practically impossible to design, build, debug and test adequately, so the user has become a permanent beta tester.

              1. Gene Cash Silver badge

                Re: Complacency and nuclear-powered ice picks

                This is endemic to the industry as a whole

                Yes, ask my Oracle DBA on any given day what her plans are for the day, and she'll say "patching".

                henchmen responsible for HR and recruitment

                Um. Were we talking about cybercriminals or IBM? I'm confused...

  3. Anonymous Coward

    As if this guy

    hadn't enough to deal with due to the appalling situation in Ukraine, he now has to deal with the fact that he has been semi-outed ("It was a Ukrainian security specialist who apparently turned the tables on the notorious Russia-based Conti"). Did the "authorities" need to tell everyone that fact? It doesn't need much thought to guess that someone from Conti will be looking for him. Even if they aren't, he still has to live with the fear that they might be.

    1. Anonymous Coward

      Re: As if this guy

      I think you'll find that the Russian administration accuses Ukraine of every crime (including against humanity) which they themselves are perpetrating. As such they will regard it as a bonus if any Ukrainian anti-crackers are killed during this genocide.

      Since Putin Huylo believes all Ukrainians (and Russians living in Ukraine) are all obviously criminals, that is his justification for total annihilation not just of the people but their buildings and infrastructure. You know there might just be AI in some of their IT systems so that must be eliminated too. Next he will discover that there are sentient mushrooms in Ukraine so that even the soil must be totally sterilized.

      AC 'cos you never know, the rest of Europe may be next.

      [edit] I believe that most Russians are hardworking honest people but they are seriously let down by their government. Shame they seem to be gullible enough to believe their state media.

      1. Gene Cash Silver badge

        Re: As if this guy

        Shame they seem to be gullible enough to believe their state media.

        Well that does suck, but they don't have much in the way of choice. Anyone not toeing Putin's line is pretty much quickly arrested, and while they don't have a Great Wall like China, I don't think the typical Russian is that computer-savvy to read much abroad, plus the language barrier doesn't help.

      2. DJV Silver badge

        Re: "Shame they seem to be gullible enough to believe their state media."

        Also applies to other countries. See:

        * UK: Brexit.

        * UK: Anything said by Boris Johnson, Jacob Rees-Mogg, Priti Patel, etc.

        * USA: Anything said by pretty much any Republican.

        Terry Pratchett had the best idea:

        “We put all our politicians in prison as soon as they’re elected. Don’t you?”

        “Why?”

        “It saves time.”

        1. Rol

          Re: "Shame they seem to be gullible enough to believe their state media."

          It's most likely down to additives in popular multinational fast foods.

          I see the usual suspects have a huge high street presence in all the counties that have a populace willing to accept anything they are told by anybody with a social media account.

          Flat Earth burger and fried space alien giblets anyone?

  4. Clausewitz 4.0

    It was a Ukrainian security specialist

    "It was a Ukrainian security specialist who apparently turned the tables"

    More like it was a Ransomware operative who took sides when the war broke out.

    1. Rol

      Re: It was a Ukrainian security specialist

      I really do hope that is the case, as that little fact would nibble away at any nefarious organisations' trust in each other.

      Hell! It wouldn't surprise me if undercover operatives, planted in those organisations, outnumber the real criminals. Just like in Tom Sharpe's Riotous Assembly or was it Indecent Exposure, it's been too long. Where undercover South African police end up being the only members of a communist terror gang, all trying to outdo each other in grievous violence, to better their standing in the group. It's hilarious.

  5. Anonymous Coward

    What I'd really like is a return to sender option

    It's all jolly well working out what they get up to, but as yet that hasn't stopped them.

    What I'd love is enough intel to return the favour by rendering every bit of their IT so hostile they'd have to go back to abacuses.

  6. Sir Loin Of Beef

    Love the side comment. Just like the US to keep letting you know there is evil out there...

  7. Throatwarbler Mangrove Silver badge

    "Extort"

    Such an ugly, biased word! Surely you would not want to defame these hard-working entrepreneurs who are, after all, just employing their top-notch technical skills to earn some well-deserved cash revealing the weaknesses in the security profiles of decadent Western businesses!

  8. Medixstiff

    "As of late February, Conti's primary Bitcoin address contained more than $2bn in digital currency, according to a Rapid7 report."

    So if they know the address, how long before the US requests the funds be frozen?
