Conti ransomware’s internal chats leaked after siding with Russia

An angry member of the Conti ransomware operation has leaked over 60,000 private messages after the gang sided with Russia over the invasion of Ukraine.

BleepingComputer has independently confirmed the validity of these messages from internal conversations previously shared with BleepingComputer regarding Conti’s attack on Shutterfly.

AdvIntel CEO Vitali Kremez, who has been tracking the Conti/TrickBot operation over the last couple of years, also confirmed to BleepingComputer that the leaked messages are valid and were taken from a log server for the Jabber communication system used by the ransomware gang.

In total, there are 393 leaked JSON files containing 60,694 messages dating from January 21, 2021, through today. BleepingComputer was told that these messages came from a Jabber log server that stored the messages in an unencrypted format.

Leaked Conti conversations

These conversations contain various information about the gang’s activities, including previously unreported victims, private data leak URLs, bitcoin addresses, and discussions about their operations.

For example, in the conversation below, Conti members wonder how BleepingComputer learned of their attack on Shutterfly in December.

Conversations shared with BleepingComputer about Shutterfly
Translated by Google Translate

Kremez also shared a snippet of conversation that he found discussing how the TrickBot operation was shut down, as we reported last week.

Discussion about TrickBot closing down
Translated by Google Translate

There are also conversations about Conti/TrickBot’s Diavol ransomware operation and 239 bitcoin addresses containing $13 million in payments, which were added to the Ransomwhere site.

The leak of these messages is a severe blow to the ransomware operation, providing sensitive intelligence to researchers and law enforcement about their internal processes.


While the above snippets are only a tiny piece of the leaked conversations, we can expect to see far more information learned from the data in the coming weeks.

Messages leaked over Conti’s siding with Russia

Earlier this week, the Conti ransomware operation published a blog post announcing their full support for the Russian government’s attack on Ukraine. They also warned that if anyone organized a cyberattack against Russia, the Conti gang would strike back at critical infrastructure.


After Ukrainian Conti affiliates grew upset over the siding with Russia, the Conti gang edited their message to state that they “do not ally with any government” and that they “condemn the ongoing war.”

Conti ransomware promises retaliation if Western cyberattacks target Russian critical infrastructure

However, their change of heart came too late, and an angry member of the Conti gang emailed BleepingComputer and other journalists tonight with a link to the leaked conversations.

The Conti member’s stated reason for sharing the private conversations can be read below:

Here is a friendly heads-up that the Conti gang has just lost all their sh*t. Please know this is true.

The link will take you to download an 1.tgz file that can be unpacked running tar -xzvf 1.tgz command in your terminal.
The contents of the first dump contain the chat communications (current, as of today and going to the past) of the Conti Ransomware gang. We promise it is very interesting.

There are more dumps coming, stay tuned.
You can help the world by writing this as your top story.

It is not malware or a joke.
This is being sent to many journalists and researchers.

Thank you for your support


Glory to Ukraine!

The leak of the private conversations illustrates how divided the underground hacking community has become over Russia’s invasion of Ukraine.

While many people believe that ransomware gangs are mostly operating out of Russia, there are many affiliates and operations running directly from Ukraine.

For example, BleepingComputer recently learned that the Maze, Egregor, and Sekhmet operations were operating directly from within Ukraine, with one of the developers telling BleepingComputer that they were arrested by the SSU.

Therefore, it is not surprising that ransomware gangs and hacking groups who side with Russia find that their Ukrainian members are getting upset, and potentially taking revenge, as we saw with Conti tonight.
