Conti ransomware affiliate leaked gang's training material and tools

Conti ransomware affiliate leaked gang’s training material and tools

An affiliate of the Conti RaaS has leaked the training material shared by the group with its network along with the info about one of the operators.

An affiliate of the Conti RaaS has leaked the training material provided by the group to the customers of its RaaS, he also published the info about one of the operators.

The Conti Ransomware operators offer their services to their affiliates and maintain 20-30% of each ransom payment.

Now one of its affiliates leaked the IP addresses for Cobalt Strike C2 servers and an archive of 113 MB that includes training material and tools shared by the Conti operators with its network to conduct ransomware attacks.

Bleeping computer first noticed the message published by the affiliate who was disappointed for the small payment he received by the Conti gang, only $1,500, for a ransomware attack.

“I merge you their ip-address of cobalt servers and type of training materials. 1500 $ yes, of course, they recruit suckers and divide the money among themselves, and the boys are fed with what they will let them know when the victim pays,” reads the post published the affiliate on a popular Russian-speaking hacking forum.

Administrators should block every connection with the servers used by the gang and revealed angry affiliate.

The affiliate also published another post containing an archive of 111 MB containing hacking tools, manuals in Russian language, and other documents used to instruct affiliates.

The decision of the affiliate to release information about the RaaS operations of the Conti gang highlights the importance of choosing reliable affiliates.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini AuthorPierluigi Paganini
International Editor-in-Chief
Cyber Defense Magazine

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase