Angry Affiliate Leaks Conti Ransomware Gang Playbook
2021-08-06 14:44

An apparently vengeful affiliate of the Conti Gang has leaked the playbook of the ransomware group after alleging that the notorious cybercriminal organization underpaid him for doing its dirty work.

Ransomware-as-a-service (RaaS) is a model in which an experienced ransomware developer creates and manages all the tools and infrastructure needed to perform attacks, while recruited affiliates do the actual heavy lifting.

Apparently, the group didn't pay one disgruntled affiliate as much as expected, leading to an online rant and a leak of key data representing "the holy grail of the pen-tester operation behind the Conti ransomware 'pen-tester' team from A-Z," ethical hacker and security researcher Vitali Kremez said, according to the report.

Data revealed by the post included the IP addresses for the group's Cobalt Strike command-and-control servers and a 113MB archive that contains numerous tools and training material for how Conti performs ransomware attacks, according to the report, which was later verified by Kremez on Twitter.

Kremez also told BleepingComputer that the playbook "matches the active cases for Conti as we see right now."

"The implications are huge and allow new pen-tester ransomware operators to level up their pen-tester skills for ransomware, step-by-step," he said, according to the report.


News URL

https://threatpost.com/affiliate-leaks-conti-ransomware-playbook/168442/