The Conti ransomware group has jumped on the bandwagon of recent threats made by similar groups about calling in the experts or otherwise publicly sharing information about ransomware attacks. Last week, the Conti ransomware group released a statement threatening to publish victims’ data if details or screenshots of ransomware negotiations are leaked to media or security researchers. Last month, Grief and Ragnar Locker made similar threats to organizations that contacted law enforcement or negotiators.
During investigations, it is not uncommon for malware samples to be uploaded to scanning portals like VirusTotal. Likewise, additional attack details are often shared to help recognize cyber threat actors and thwart future attacks. While these actions give researchers and journalists valuable information to share with the public, they hamper potential “negotiations” and put a crimp in ransomware groups’ efforts. Therefore, it seems Conti is trying to hedge its bets against that occurring by penalizing victims for publicly releasing attack information. To add insult to injury, Conti says that if information is released after a ransom has been paid, they will leak somebody else’s files as retaliation – but don’t count on them not releasing your data anyway – these are criminals and they have no honor. Access TheRecord for more.