page =
url = https://krebsonsecurity.com
krebs on security – in-depth security news and …
A redacted screenshot of the Conti News victim shaming blog.
“We are looking for a buyer to access the network of this organization and sell data from their network,” reads the confusingly worded message inserted into multiple recent victim listings on Conti’s shaming blog.
It’s unclear what prompted the changes, or what Conti hopes to gain from the move. It’s also not obvious why they would advertise having hacked into companies if they plan on selling that access to extract sensitive data going forward. Conti did not respond to requests for comment.
“I wonder if they are about to close down their operation and want to sell data or access from an in-progress breach before they do,” said Fabian Wosar , chief technology officer at computer security firm Emsisoft . “But it’s somewhat stupid to do it that way as you will alert the companies that they have a breach going on.”
The unexplained shift comes as policymakers in the United States and Europe are moving forward on efforts to disrupt some of the top ransomware gangs. Reuters recently reported that the U.S. government was behind an ongoing hacking operation that penetrated the computer systems of REvil , a ransomware affiliate group that experts say is about as aggressive and ruthless as Conti in dealing with victims. What’s more, REvil was among the first ransomware groups to start selling its victims’ data.
REvil’s darknet victim shaming site remains offline. In response, a representative for the Conti gang posted a long screed on Oct. 22 to a Russian language hacking forum denouncing the attack on REvil as the “unilateral, extraterritorial, and bandit-mugging behavior of the United States in world affairs.” Continue reading →
Conti Ransom Gang Starts Selling Access to Victims