For years, Russia’s cybercrime groups have acted with relative impunity. The Kremlin and local law enforcement have largely turned a blind eye to disruptive ransomware attacks as long as they didn’t target Russian companies. Despite direct pressure on Vladimir Putin to tackle ransomware groups, they’re still intimately tied to Russia’s interests. A recent leak from one of the most notorious such groups provides a glimpse into the nature of those ties—and just how tenuous they may be.
A cache of 60,000 leaked chat messages and files from the notorious Conti ransomware group provides glimpses of how the criminal gang is well connected within Russia. The documents, reviewed by WIRED and first published online at the end of February by an anonymous Ukrainian cybersecurity researcher who infiltrated the group, show how Conti operates on a daily basis and its crypto ambitions. They likely further reveal how Conti members have connections to the Federal Security Service (FSB) and an acute awareness of the operations of Russia’s government-backed military hackers.