Conti Leaks: Practical walkthrough and what we can learn from it
Abstract
Conti, one of the most prolific ransomware gangs of recent years, conducted multiple targeted attacks against companies with multi-million-dollar revenues. The Conti ransomware gang is a well-organized group that runs an affiliate model, Ransomware as a Service (RaaS). On February 28th, a major leak about the Conti group was published on Twitter. The leaked chat logs revealed private discussions between Conti members and show the size of their network. The data provided a unique insight into the inner workings of the group. This presentation will provide a practical approach to exploiting the chat logs with Python for threat intelligence. We will dissect the available information and learn more about their process and operations. Finally, we will see how to take advantage of the available information to pivot and hunt for additional context and threat intelligence. The talk will allow analysts to reuse the code and continue to search the extracted information on their own. It also offers an out-of-the-box methodology for analysing chat logs, extracting indicators of compromise, and improving threat intelligence and defence processes using Python.

Speaker Bio
Thomas Roccia is a Senior Security Researcher at Microsoft. He works in the Defender team to improve detection and research novel techniques. Previously, Thomas worked at McAfee in the Advanced Threat Research team, where he worked on threat intelligence, tracked cybercrime campaigns, and collaborated with law enforcement agencies. He performed worldwide incident response and malware hunting, and helped customers during major outbreaks. He speaks regularly at security conferences.
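The analysis workflow the abstract describes (parse the leaked chat logs with Python, extract indicators of compromise, and keep enough context to pivot on them), as an added example that is not the talk's own code. The one-JSON-object-per-line layout with ts/from/to/body fields is an assumption, and the sample messages are constructed, not taken from the real leak.

```python
import json
import re
from datetime import datetime

# Constructed sample in the shape assumed for a leaked Jabber export
# (one JSON object per line with ts/from/to/body). Not real Conti data:
# handles and the domain are placeholders, the IP is from TEST-NET-3,
# the hash is SHA-256 of the empty string.
SAMPLE_LOG = """\
{"ts": "2021-07-01 10:02:11", "from": "alpha@chat.example", "to": "bravo@chat.example", "body": "check 203.0.113.9 and hxxp://c2-drop[.]invalid/gate.php"}
{"ts": "2021-07-01 10:05:40", "from": "bravo@chat.example", "to": "alpha@chat.example", "body": "sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}
{"ts": "2021-07-02 08:15:03", "from": "alpha@chat.example", "to": "charlie@chat.example", "body": "same box 203.0.113.9 still up"}
not json, simulates a corrupted line in the export
"""

IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
    "url": re.compile(r"https?://[^\s\"'<>]+"),
}

def refang(text):
    """Undo common defanging so indicators match the patterns."""
    return text.replace("hxxp", "http").replace("[.]", ".")

def parse_log(text):
    """Parse one JSON object per line, skip malformed lines, sort by time."""
    records = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # corrupted or truncated line: skip rather than abort
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])

def extract_iocs(records):
    """Map each indicator to type, mention count, senders and first/last seen."""
    iocs = {}
    for rec in records:
        body = refang(rec["body"])
        for kind, pattern in IOC_PATTERNS.items():
            for value in pattern.findall(body):
                entry = iocs.setdefault(value, {"type": kind, "count": 0,
                    "senders": set(), "first_seen": rec["ts"], "last_seen": rec["ts"]})
                entry["count"] += 1
                entry["senders"].add(rec["from"])
                entry["last_seen"] = rec["ts"]  # records are time-sorted
    return iocs
```

Calling `extract_iocs(parse_log(SAMPLE_LOG))` yields, per indicator, who mentioned it and when, which is the context needed to pivot from an indicator back to an actor and a time window.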