To no one’s surprise, the Conti ransomware gang announced its support for Russia following Putin’s orders to invade Ukraine. But, considering that quite a few of their members are Ukrainian, it’s easy to see how this announcement could have backfired.


Who Are The Conti Gang?

Conti is one of the most notorious ransomware gangs in the world. They’re believed to be operating out of Russia, with members from all over Eastern Europe.

Conti is responsible for many large-scale, international attacks. They are known to target critical infrastructure in Western countries, such as:

● Government websites
● Police stations
● Businesses, and more.

The gang usually runs ‘double extortion’ attacks, stealing data and encrypting it. They then ask the victim to pay a ransom to retrieve the data.


Conti’s Relation to Russia

Cybersecurity experts are certain that the gang has close ties with the Russian government. Considering the targets of their attacks, this isn’t hard to believe.

If that’s not enough, their initial stance on the Russia-Ukraine situation says it all. Less than a week after the invasion, Conti posted a message on the dark web announcing ‘full support’ for Russia. They also threatened cyberattacks against Western countries that tried to intervene.

After receiving heavy backlash, the group released a second, more neutral statement. Conti collaborates with members from all over the world, so taking such a hard stance on a sensitive topic probably wasn’t the best idea.

How the Data Leak Happened

The data leak was made available via email to various security researchers and reporters. The message also said that there would be additional leaks soon. For a detailed view of all the leaks, check out @ContiLeaks on Twitter. The person behind this account is likely the leaker himself.


The leaker gained access to the gang’s XMPP chat server. This will surely be a blow to Conti’s reputation. It’s not yet known who’s responsible for the attack. The media calls the person responsible for the data leak a ‘Ukrainian researcher.’

Considering the scale of the leaks, the perpetrator is likely a former member who switched sides. They were able to leak over 60,000 chats dating from January 2021. They also shared the source code the group uses for their attacks.

How Do Data Leaks Occur?

If a notorious cybercrime gang can fall victim to a data leak, then every individual on the planet is vulnerable. In Conti’s case, the leak probably came from an insider. That’s actually the most common scenario for data leaks across organizations. 94% of organizations have suffered some form of an insider data breach.

But that’s far from the only danger out there. Weak login credentials are also a common factor in data leak incidents.

Furthermore, outdated software leaves organizations vulnerable to malware, allowing threat actors to access valuable data. Phishing emails are also sent en masse to employees of targeted organizations in the hope that one of them slips up.

Ironically, it’s exactly these types of vulnerabilities that gangs like Conti look for in their victims.