An affiliate of the Conti RaaS has leaked the training material provided by the group to the customers of its RaaS, he also published the info about one of the operators.
The Conti Ransomware operators offer their services to their affiliates and maintain 20-30% of each ransom payment.
Now one of its affiliates leaked the IP addresses for Cobalt Strike C2 servers and an archive of 113 MB that includes training material and tools shared by the Conti operators with its network to conduct ransomware attacks.
Bleeping computer first noticed the message published by the affiliate who was disappointed for the small payment he received by the Conti gang, only $1,500, for a ransomware attack.
“I merge you their ip-address of cobalt servers and type of training materials. 1500 $ yes, of course, they recruit suckers and divide the money among themselves, and the boys are fed with what they will let them know when the victim pays,” reads the post published the affiliate on a popular Russian-speaking hacking forum.
Administrators should block every connection with the servers used by the gang and revealed angry affiliate.
The affiliate also published another post containing an archive of 111 MB containing hacking tools, manuals in Russian language, and other documents used to instruct affiliates.
The decision of the affiliate to release information about the RaaS operations of the Conti gang highlights the importance of choosing reliable affiliates.
(SecurityAffairs – hacking, Conti)