A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names.
The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs —believed to have raked in billions from companies, hospitals, and individuals worldwide. It’s part of his “fight against an organized society of criminals known worldwide,” GangExposed told The Register via Signal chat. He claims that he’s not interested in the $10 million bounty that the Feds have put up for information about one key Conti leader that he’s already named, as well as a second that he says will soon be identified on Telegram.
Read more…
Source: The Register News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks
August 6, 2019
First advertised as an information stealer and keylogger when it first appeared in underground forums, LokiBot has added various capabilities over the years. Recent activity has seen the malware family abusing Windows Installer for its installation and introducing a new delivery method that involves spam mails containing malicious ISO file attachments. Our analysis of a new LokiBot variant shows that ...
- Cyberattacks against industrial targets have doubled over the last 6 months
August 5, 2019
Cyberattacks designed to cause damage have doubled in the past six months and 50 percent of organizations affected are in the manufacturing sector, researchers say. On Monday, IBM’s X-Force IRIS incident response team published new research based on recent cyberattacks they have been called in to assist with, and the main trend the group is witnessing is the ...
- Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
August 5, 2019
We have been tracking Trickbot banking trojan activity and recently discovered a variant of the malware (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.TIGOCDC) from distributed spam emails that contain a Microsoft Word document with enabled macro. Once the document is clicked, it drops a heavily obfuscated JS file (JavaScript) that downloads Trickbot as its payload. This malware ...
- GermanWiper ransomware hits Germany hard, destroys files, asks for ransom
August 2, 2019
For the past week, a new ransomware strain has been wreaking havoc across Germany. Named GermanWiper, this ransomware doesn’t encrypt files but instead it rewrites their content with zeroes, permanently destroying users’ data. As a result, any users who get infected by this ransomware should be aware that paying the ransom demand will not help them ...
- Financial threats in H1 2019
July 31, 2019
Financial cyberthreats are malicious programs that attack users of online banking services, electronic money, cryptocurrency and other similar services, as well as threats aimed at gaining access to financial organizations and their infrastructure. Kaspersky experts regularly analyze the statistics that the company’s products anonymously send to the cloud infrastructure of the Kaspersky Security Network (KSN) ...
- Keeping a Hidden Identity: Mirai C&Cs in Tor Network
July 31, 2019
With its notoriety for being one of the most active internet of things (IoT) malware families, Mirai is one malware family system administrators consistently keep their eye on to make sure systems and devices are protected. Despite all the attention that the malware has received, it seems cybercriminals are still continually developing and using this malware. Barely a ...