This week has been information overload when it comes to cybersecurity, leaks, and cyberattacks resulting from the invasion of Ukraine.
However, this week’s biggest story is the massive data leak from the Conti ransomware operation, including over 160,000 internal messages between members and source code for the ransomware and TrickBot operation.
In addition to the Conti Leaks, we also saw someone dox the TrickBot/Conti operation members, leaking private messages and their personal information.
These leaks are a treasure trove of information for security researchers and law enforcement who get a detailed look into the inner operations of an organized ransomware gang that runs their operation like a business.
It should be noted that over the past week, there has been a tremendous amount of information released by a lot of people around the Conti and TrickBot leaks, which makes it impossible to catalog it all. If we missed anyone, we apologize.
Contributors and those who share new ransomware information and stories this week include: @PolarToffee, @VK_Intel, @malwareforme, @BleepinComputer, @FourOctets, @serghei, @demonslay335, @fwosar, @malwrhunterteam, @Ionut_Ilascu, @struppigel, @jorntvdw, @LawrenceAbrams, @DanielGallagher, @billtoulas, @Seifreed, @darktracer_int, @AvastThreatLabs, @CrowdStrike, @ContiLeaks, @trickleaks, @BrettCallow, @MsftSecIntel, @ransomwarefiles, @briankrebs, @HoldSecurity, @radvadva, @ransomwhere_, @LadislavZezula, and @JGomes_EU.
February 27th 2022
A Ukrainian security researcher has leaked over 60,000 internal messages belonging to the Conti ransomware operation after the gang sided with Russia over the invasion of Ukraine.
February 28th 2022
Microsoft said that Ukrainian networks were targeted with recently found malware several hours before Russia’s invasion of Ukraine on February 24th.
Japanese automaker Toyota Motors has announced that it stopped car production operations. The outage was forced by a system failure at one of its suppliers of vital parts, Kojima Industries, which reportedly suffered a cyberattack.
Professional services and insurance giant AON has suffered a cyberattack that impacted a “limited” number of systems.
PCrisk found a new Dharma ransomware variant that appends the .xgpr extension.
PCrisk found new STOP ransomware variants that append the .fgnh and .fgui extensions.
March 1st 2022
Analysis of the PartyTicket ransomware indicates it superficially encrypts files and does not properly initialize the encryption key, making the encrypted files with the associated .encryptedJB extension recoverable.
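To show why a never-initialized key makes encrypted files recoverable, here is an added illustration of that general failure mode. It is not PartyTicket's own code and makes no claim about its internals: the "ransomware" below is a constructed toy that encrypts with AES-256-GCM and draws its key from a math/rand source that was never seeded with entropy (modelled as the fixed seed 1, which is what Go's unseeded global source used before Go 1.20). The recovery routine never sees the attacker's key; it simply re-runs the flawed generator, and GCM's authentication tag confirms whether the regenerated key is the right one. The sample document, function names and file layout (nonce prepended, key not stored) are all assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	crand "crypto/rand"
	"errors"
	"fmt"
	"io"
	"math/rand"
)

const keyLen = 32 // AES-256

// weakKey mimics a key generator that draws from a math/rand source that was
// never seeded with entropy. Before Go 1.20 the unseeded global source behaved
// exactly like rand.NewSource(1); using that source explicitly keeps the
// demonstration deterministic on every Go version. (Assumed toy, not PartyTicket.)
func weakKey() []byte {
	r := rand.New(rand.NewSource(1))
	key := make([]byte, keyLen)
	for i := range key {
		key[i] = byte(r.Intn(256))
	}
	return key
}

// strongKey is what a correctly initialised generator would produce.
func strongKey() ([]byte, error) {
	key := make([]byte, keyLen)
	if _, err := io.ReadFull(crand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// encryptFile returns nonce || AES-256-GCM ciphertext, the assumed on-disk
// layout of this toy ransomware: nonce stored in the clear, key not stored.
func encryptFile(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(crand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// decryptFile reverses encryptFile; gcm.Open fails if the key is wrong.
func decryptFile(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// RecoverWithoutKey is the victim-side decryptor: it never receives the
// attacker's key, it only re-runs the flawed generator and tries the result.
func RecoverWithoutKey(blob []byte) ([]byte, error) {
	return decryptFile(weakKey(), blob)
}

// Demo encrypts a constructed sample once with the flawed key and once with a
// properly generated key, then reports which of the two blobs is recoverable.
func Demo() (weakRecovered bool, strongRecovered bool, err error) {
	sample := []byte("constructed sample document, not a real victim file")

	weakBlob, err := encryptFile(weakKey(), sample)
	if err != nil {
		return false, false, err
	}
	pt, err := RecoverWithoutKey(weakBlob)
	weakRecovered = err == nil && bytes.Equal(pt, sample)

	k, err := strongKey()
	if err != nil {
		return false, false, err
	}
	strongBlob, err := encryptFile(k, sample)
	if err != nil {
		return false, false, err
	}
	_, err = RecoverWithoutKey(strongBlob) // expected to fail authentication
	strongRecovered = err == nil
	return weakRecovered, strongRecovered, nil
}

func main() {
	w, s, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("flawed-key file recovered: %v\nproperly-keyed file recovered: %v\n", w, s)
}
```

The contrast is the point: the cipher itself (AES-GCM) is sound in both runs, and the only difference is whether the key material came from an initialised source. That is the same class of mistake that lets a decryptor be built without ever obtaining the operator's key.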
A Ukrainian researcher continues to deal devastating blows to the Conti ransomware operation, leaking further internal conversations, as well as the source for their ransomware, administrative panels, and more.
STORMOUS ransomware gang has officially announced its support for the Russian government.
The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees. The records also provide insight into how Conti has dealt with its own internal breaches and attacks from private security firms and foreign governments.
PCrisk found a new STOP ransomware variant that appends the .sdjm extension.
March 2nd 2022
In Part II of this series we’ll explore what it’s like to work for Conti, as described by the Conti employees themselves.
PCrisk found a new Phobos ransomware variant that appends the .DIKE extension.
A network relationship map, showing the relationships between users, based on the leaked Conti chat logs.
March 3rd 2022
Avast has released a decryptor for the HermeticRansom ransomware strain used in targeted attacks against Ukrainian systems over the past ten days.
PCrisk found a new Phobos ransomware variant that appends the .iiof extension.
March 4th 2022
PCrisk found a new Phobos ransomware variant that appends the .vyia extension.