Angry Conti ransomware affiliate leaks gang's attack playbook (Security News, August 2021)
A disgruntled Conti affiliate has leaked the training material the gang uses when conducting attacks, including information about one of the ransomware's operators.
The Conti ransomware operation is run as a ransomware-as-a-service (RaaS) operation, where the core team manages the malware and Tor sites, while recruited affiliates perform network breaches and encrypt devices.
Today, a security researcher shared a forum post created by an angry Conti affiliate who publicly leaked information about the ransomware operation.
Attached to the above post are images of Cobalt Strike beacon configurations that contain the IP addresses for command and control servers used by the ransomware gang.
In a subsequent post, the affiliate shared an archive containing 111 MB of files, including hacking tools, manuals written in Russian, training material, and help documents that are allegedly provided to affiliates when performing Conti ransomware attacks.
"By and large, it is the holy grail of the pentester operation behind the Conti ransomware 'pentester' team from A-Z. The implications are huge and allow new pentester ransomware operators to level up their pentester skills for ransomware step by step."