28 February 2022

Ukrainian hacker leaks Conti ransomware operators’ internal conversations


A Ukrainian security researcher has leaked thousands of internal messages belonging to members of the Conti ransomware group after the cartel announced its full support of the Russian authorities, threatening to strike back at the critical infrastructures of enemies who would organize a cyber attack or any war activities against Russia.

The gang, however, later softened its rhetoric to say that “we do not ally with any government and we condemn the ongoing war,” although the team maintained that it “will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world.”

Security researchers have confirmed the validity of the leaked data. The information was leaked by a security researcher who had access to the "ejabberd database" backend for Conti's XMPP chat server.

The leak includes 393 JSON files containing a total of 60,694 messages from January 21, 2021, through February 27, 2022. These messages contain various information about the gang's activities, including previously unreported victims, messages confirming the shutdown of the TrickBot botnet earlier this month, private data leak URLs, bitcoin addresses, and discussions about their operations. The leaked conversations are available here.

Cybersecurity Help’s statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren’t worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war!


