After a week-long deep dive into data pertaining to the notorious Conti ransomware gang, BreachQuest has determined that the group’s members believe they are working for a legitimate company. Ukrainian gray-hat hacker ContiLeaks has been exposing information pertaining to the hacking group since late February, allowing researchers to comb over the group’s intimate details such as chat logs and other doxxed data. In addition, the site leaked the source code for Conti ransomware, TrickBot malware, a decryptor, and the gang’s administrative panels.
BreachQuest found that the ransomware group’s benefits such as bonuses, employee of the month, performance reviews, and intensive training might be better than some legitimate companies. The data was exposed after the ransomware group’s leaders posted an aggressively pro-Russian message to their official site in the days following Russia’s invasion of Ukraine. BreachQuest stated that the Conti Group operates like a high-tech company that even hires and fires contractors and salaried employees. Therefore, some of the individuals working for the group may be oblivious to the actual work they are completing.
Read More: Staff Think Conti Group Is a Legit Employer