Conti Ransomware Gang Refuses to Leak their Negotiation Chats

Messages between the malware's creators and one of its victims, Japan's JVCKennwood, have been revealed, necessitating this drastic move.

Conti Ransomware Gang Refuses to Leak their Negotiation Chats | Image credits: CloudSEK

Ransomware extortionists are attempting to restrict and control media coverage of their highly effective attacks. For example, the so-called Conti gang threatens to disclose the data stolen from its victims when journalists or IT specialists acquire leaked information or find what they are looking for, according to Heise Online.

Messages between the makers of the Conti malware and one of its victims, Japan's JVCKennwood, about the amount of the ransom have been disclosed, prompting this severe measure. When the group found out about the leak, it promptly halted discussions and released the stolen JVCKennwood data. The cybercriminals report this on their leak site in the Tor network.

According to the announcement, they said they had nothing against press coverage in general, but that their "negotiations" with their clients over the ransom amount were "regular business" and hence warranted discretion. Moreover, the cybercriminals call reporting with extracts from the exchanged messages (namely, open chats that are simply captured in screenshots and published) "intellectually and ethically repulsive" and do not wish to engage with this "cheap" technique.

According to the group, anyone who intends to publish anything must first obtain its permission. Selected professionals and journalists would be contacted, and interviews would be conducted with them. The announcement indicated that this is the group's first public statement and that more will follow.

It would be more difficult for specialists to do their jobs

This threat not only puts those targeted under pressure to keep quiet and refrain from disclosing any information to the media or IT security experts, it also makes the experts' work more difficult. Many of those affected don't contact the experts directly; instead, the experts get their information from places like VirusTotal, where people who have been infected upload malware samples or links to the web chats (in which they can talk to the extortionists about the ransom amount).

Specialists frequently make use of these uploads and look into the attacks to see what tactics the perpetrators are using, what new malicious code they are deploying, or whether a well-known organization has been affected. A ransomware gang's victims may also post messages they've exchanged with the group on social media or in blogs.

The Ryuk and Conti ransomware used by the blackmailers is well known. The Conti Group, one of the most successful cybercrime groups in recent years, has recently moved from only encrypting victim data with malware to copying it first and then using publication on a specially maintained leak website as a threat. Only commonalities in the malware code or shared infrastructure give reason to believe that it is always the same gang, or at least not one of the many offshoot groups.