Conti gang threatens to dump victim data if ransom negotiations leak to reporters - The Record by Recorded Future
The Conti ransomware gang published a rare public statement today, threatening to leak the stolen files of hacked companies if details or screenshots of the ransom negotiation process are leaked to journalists.
These ransom negotiations usually take place after Conti (or any other ransomware gang) breaches a company and encrypts its files. A ransom note is left on affected desktops, with instructions on how the victim can contact the attackers.
Typically, ransomware gangs prefer leaving an email address where the victim can reach out, but more often than not, they provide a unique URL to a so-called “payment site” where victims are asked to log in and talk to the attackers via a web-based chat feature.
If an employee of the attacked company uploads a copy of the ransom note or the ransomware binary to a malware-scanning portal like VirusTotal, the details included in the ransom note, including links to the web-based chat feature, can also be discovered by security researchers, who often access these negotiation pages and sometimes share them on social media.