The creators of Conti ransomware have now adopted the same strategy that many other ransomware threat groups have pioneered to extort more money from victims. A data leak site has been developed to publicly name the victim companies that refused to pay for decryption and threaten to leak private data files. In the past, Conti ransomware has been associated with distribution by TrickBot, but it is unclear if the same operators developed this site. This has been building up all summer as Conti has become increasingly popular amongst threat actors. At this time, the site has 26 victims, with some of them being large and well-known organizations. This new site has changed the ransom note that comes with Conti and is left on computers after they have been infected. Instead of receiving a message about emailing the threat actors about recovering the encrypted data, it now says the data will be published if the ransom is not paid. It will be interesting to see what other ransomware threat groups will add this strategy.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in