Close Menu
AIToday7

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    New method aims to keep kids safe from illegal AI

    July 13, 2026

    Could AI help al-Qaeda and other groups plan terror attacks?

    July 13, 2026

    I tried to parody the most absurd AI products, but the tech industry beat me to it

    July 13, 2026
    Facebook X (Twitter) Instagram
    Trending
    • New method aims to keep kids safe from illegal AI
    • Could AI help al-Qaeda and other groups plan terror attacks?
    • I tried to parody the most absurd AI products, but the tech industry beat me to it
    • Naver’s startup investment organization D2SF (center director Yang Sang-hwan, photo) has already inv..
    • Chefs Say These 20 Kitchen Gadgets Are a Waste of Money. Here’s What to Buy Instead
    • Madison County Board of Supervisors discusses possible cybersecurity attack
    • Intent Clusters Guide AI Product Discovery
    • Christopher Nolan says people ‘disdain’ AI and the idea it will replace humans is ‘nonsense’
    Facebook X (Twitter) Instagram Pinterest Vimeo
    AIToday7
    • Home
    • AI News
    • Tech News
    • AI Guides
    • Chatbots
    • Cybersecurity
    • Gadgets
    • More
      • Generative AI
      • Startups
    AIToday7
    Home»Cybersecurity»What leaked messages tell us about global hacking gang Conti
    Cybersecurity

    What leaked messages tell us about global hacking gang Conti

    stamilhstgr0518@gmail.comBy stamilhstgr0518@gmail.comJuly 12, 2026No Comments8 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    What leaked messages tell us about global hacking gang Conti
    Share
    Facebook Twitter LinkedIn Pinterest Email

    ‘I’m dying laughing’ – what leaked messages tell us about global hacking gang


    BBC A graphic showing a series of colourful Russian dolls and Russian style churches on a red background with a computer chip board motif. Words say BBC Cyber Hack Conti Files, with the s of files replaced by a dollar sign.
    BBC

    Conti, one of the world’s largest ransomware groups, spent years hacking people. But in 2022 the tables turned when the criminal gang imploded and thousands of their internal messages were leaked online. What do they reveal?

    As the news breaks that Russia has invaded Ukraine, fingers suddenly fly into action across keyboards.

    “What a nightmare on the front line.”

    These are messages from within Conti, a hacking gang with mainly Russian members but affiliates all over the world.

    “Friends, brothers, are there any Ukrainians besides me?” one asks in the gang’s chats.

    They extorted millions of dollars through scrambling organisations’ data and demanding payment to release it, making an estimated $180m in 2021 alone, but some of the members had no idea who their colleagues really were.

    From Redcar and Cleveland Borough Council in north-east England to luxury jeweller Graff, Conti’s hacks had affected more than 1,000 organisations.

    But a rift over the Russian invasion was to have serious repercussions for the criminals.

    EPA A Ukrainian soldier turns his face away from the blast as a giant cannon he is operating fires. He is surrounded by trees.
    EPA
    The invasion of Ukraine sparked a rift in Conti

    A day after Ukraine was struck, a message was posted on Conti’s dark web site in support of Russia.

    It was taken down hours later and replaced with: “We do not ally with any government, and we condemn the ongoing war.”

    But the damage was done.

    Two days after Conti’s pledge of allegiance to Russia and its furious attempt to backpedal, more than 300,000 of the gang’s secret communications were leaked by one of their members.

    It was a jaw-dropping day for Joe Wrieden, a cyber threat <a href="https://aitoday7.com/apple-sues-openai-alleging-artificial-intelligence-company-stole-trade-secrets/” title=”Apple sues OpenAI, alleging artificial intelligence company stole trade secrets”>intelligence leader for UK security firm Cyjax.

    A faceless account appeared on his Twitter feed, saying “we know everything about you Conti - you can’t even trust your girlfriend”.

    “Finally,” Joe says, “we get almost that full understanding of what’s been going on for years in one of the most notable groups in the ransomware space.”

    Joe Wrieden smiles at the camera. He has shoulder length thick curly brown hair and a gingery beard.
    Cyber security expert Joe Wrieden said the message leak was eye-opening

    The messages revealed the discussions – and crucially disagreements – taking place between gang members while they carried out some of their most audacious attacks.

    For example, its targeting of the Irish Health Service Executive (HSE) in May 2021 during the middle of the Covid-19 pandemic.

    Oncologist Seamus O’Reilly was doing his usual morning ward round at Cork University Hospital when all the screens went blank.

    “I had no communications abilities,” he recalls. “I had no access to historical patient data.

    “To be brutally honest, the only time I broke down during the pandemic was after the cyber attack.”

    The hackers had impacted nearly all hospitals and healthcare facilities in Ireland, and they reportedly wanted $20m (£14m) to restore services.

    Mum-of-two Donna-Marie Cullen was getting ready to undergo highly targeted cancer treatment when she heard about the hack on the morning news.

    She can still feel the anxiety she felt then.

    Donna-Marie Cullen smiles at the camera. She has long blonde hair and a small nose ring.
    Donna-Marie Cullen feared her cancer treatment would be disrupted by Conti

    “Could these people behind this cyber attack  take my life away?” she says.

    The issue of attacking healthcare comes up a lot in the Conti leaks.

    One member named Target was particularly keen on this tactic.

    “Let them pay millions,” they wrote the year before the HSE attack. “Let them die.”

    Target wanted to attack hundreds of hospitals across the USA.

    “There is going to be panic,” Target wrote, later saying “damn, I’m dying laughing”.

    But Target was just one member of the Conti gang.

    Explaining hacking targets to a new recruit, one member said they could not attack the “medical sector” or “maternity hospitals”.

    There is no mention of the HSE attack specifically, but hitting hospitals during a global health emergency was a matter of debate.

    At one point, a member of the team asked Conti’s founder, Stern, if he had approved an encryption of a hospital.

    “If you didn’t approve it, I will hand the decryptor to that clinic,” the member wrote. “We agreed not to touch the medical sector, remember?”

    And that is exactly what happened in Ireland.

    Jacky Fox smiles at the camera. She has shoulder length thick brown hair parted in the middle.
    Jacky Fox led the team trying to resolve the hack of Ireland’s HSE

    Jacky Fox, senior managing director for Accenture Information Security, had pulled together a top team to tackle the attack in their rapidly convened “war room”.

    They worked 16-hour days and lived off takeaway pizza.

    A week later, Jacky’s colleague ran in holding a piece of paper and shouting they had been given the “key” by the hackers – a series of letters and numbers that would help to unscramble the data.

    “I was so excited,” Jacky says. “I think I actually got tearful.”

    But it took months for the systems to fully recover.

    Thankfully Donna-Marie was able get her treatment and the cancer has gone.

    ‘Globally famous people’

    As well as debates on targeting health institutions, the messages also give a glimpse of how the hackers saw the rich and powerful.

    In October 2021, international jeweller Graff was hacked and held to ransom, with Conti leaking personal data about the diamond merchant’s illustrious clients on the dark web.

    The leaks reportedly included information on Donald Trump, David Beckham, Philip Green, Oprah Winfrey, Frank Lampard and royals from the Gulf nations.

    “This was potentially a really big story,” says Kevin O’Sullivan, editor of tech media platform FutureScot.

    He had been covering another of Conti’s hacks when he stumbled across the leaked data.

    “It was mind-blowing actually, because this was customer data and it listed A-list celebrities and globally famous people.”

    Getty Images A white-gloved hand holds a large diamond.
    Getty Images
    Conti targeted international jeweller Graff

    In their internal chats, the gang were gossiping about what they had obtained on the celebrities, from purchase history and credit card details down to addresses and “colour of underwear”.

    The “whole network is buzzing” one wrote, while another said the victims were “very high-class people”.

    But Conti had made a mistake – they had not reviewed the leaked data properly before posting it and had unwittingly leaked data on powerful people – details of Graff purchases apparently by high profile members of the Saudi royal family.

    “They’ll find you and that’s it,” they continued. “You’re gone.”

    Damage limitation was on their minds, with one saying their group could be ruined and the leak had to be “very quickly stopped”.

    “You just have to understand the line,” one said, adding: “The ruling families are a friend.”

    In a highly unusual move, the gang released an apology, saying: “Any information pertaining to members of Saudi Arabia, UAE, and Qatar families will be deleted without any exposure and review.”

    ‘Last encryptors left’

    The apology came after journalist Kevin wrote a story in the Daily Mail alongside fellow reporters Georgia Edkins and Michael Powell.

    In their message, Conti even praised the Mail for the “great coverage”.

    “It was extraordinary” Kevin says. “I didn’t expect them to compliment me for my work.”

    Graff handed over a ransom of around $7.5m, but did not respond to the BBC’s requests for comment.

    Conti’s internal chats show one of the hackers, who claims to have been part of the Graff job, boasting about getting about 1% of the payout, $75,000, with which he would build a house.

    The Graff attack happened in late October 2021 and things seemed to be going well for Conti.

    As the boss Stern put it, “none of the other notorious encryptors are left now”.

    But Mango, the usually calm office manager, was getting frustrated.

    “Honestly,” they told Stern, “I try to solve all your crazy extravagant quests but I get the strong feeling you don’t care at all.

    “I’ve spent my whole life getting all this organized and rolling it out.

    “At this rate, I’ll be grey in a year or two.”

    US Secret Service Two shots of Vitaly Nikolayevich Kovalev looking at the camera. In both he is clean shaven with short black hair.
    US Secret Service
    Stern has been identified by law enforcement agencies as Russian national Vitaly Nikolayevich Kovalev

    One of the final messages was three days before the Russian invasion of Ukraine by a member named Fire.

    “We are in a difficult situation with too much outside scrutiny of the firm, and the boss has apparently decided to lay low,” Fire said.

    “All balances on wages will be paid. The only question is when.”

    It was not until three years later, in May 2025, when German police identified Stern as a Russian man in his 30s named Vitaly Nikolaevich Kovalev.

    He has been sanctioned by the US and UK authorities and has an Interpol Red Notice against him.

    The BBC wanted to find him too.

    Other Vitaly Nikolayevich Kovalev wears a vibrant Hawaiian style shirt in front an orange and yellow sunset sky.
    Other
    The BBC found pictures on social media of Vitaly Kovalev on luxurious holidays

    All we had was a name and a couple of photographs, but in late 2025 an anonymous post appeared on the messaging app Telegram showing Kovalev playing tennis.

    The BBC Cyber Hack podcast linked this single image to a sprawling set of social media accounts run by an influencer with thousands of followers.

    Kovalev could now be seen wearing a Louis Vuitton jacket in a nightclub, driving a Bentley SUV and holidaying in an exclusive resort in southern Russia, where a family villa costs £22,000 a week.

    Kovalev was approached by the BBC and did not respond.

    While the messages showed the hackers were quick to move on to other targets, their victims were left picking up the pieces.

    “It was a horrible thing to do,” Jacky, who was tasked with resolving the Ireland hack says.

    “I don’t have any sympathy, empathy, or understanding as to how another human could do that.”

    Follow BBC Tees onX,Facebook,NextdoorandInstagram.

    More on this story

    The inside story of a council held to ransom in cyber-attack

    Hackers bail out Irish health service for free


    Computer hacking
    Cyber-attacks
    Cyber-crime
    Redcar and Cleveland Borough Council
    Republic of Ireland

    about leaked messages tell What
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleMeta shuts down AI tool after backlash over public Instagram accounts
    Next Article 5 Star Trek Gadgets That Have (Or Will Soon) Become Real World Tech
    stamilhstgr0518@gmail.com
    • Website

    Related Posts

    Cybersecurity

    Madison County Board of Supervisors discusses possible cybersecurity attack

    July 13, 2026
    Cybersecurity

    The 6 biggest cybersecurity breaches of 2026 so far

    July 12, 2026
    Cybersecurity

    CISA looks to remedy ailments from big May credential leak

    July 11, 2026
    Add A Comment
    Leave A Reply Cancel Reply

    Top Posts

    New method aims to keep kids safe from illegal AI

    July 13, 20260 Views

    Could AI help al-Qaeda and other groups plan terror attacks?

    July 13, 20260 Views

    I tried to parody the most absurd AI products, but the tech industry beat me to it

    July 13, 20260 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    Chatbots

    OpenAI bets on families as ChatGPT goes deeper into households

    stamilhstgr0518@gmail.comJuly 11, 2026
    Generative AI

    MUSIC COMMUNITY INTRODUCES NEW LABELING PROGRAM TO DISTINGUISH GENERATIVE AI IN SOUND RECORDINGS

    stamilhstgr0518@gmail.comJuly 11, 2026
    AI News

    Safe from AI: which jobs will help you thrive in the future?

    stamilhstgr0518@gmail.comJuly 11, 2026

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Most Popular

    New method aims to keep kids safe from illegal AI

    July 13, 20260 Views

    Could AI help al-Qaeda and other groups plan terror attacks?

    July 13, 20260 Views

    I tried to parody the most absurd AI products, but the tech industry beat me to it

    July 13, 20260 Views
    Our Picks

    OpenAI bets on families as ChatGPT goes deeper into households

    July 11, 2026

    MUSIC COMMUNITY INTRODUCES NEW LABELING PROGRAM TO DISTINGUISH GENERATIVE AI IN SOUND RECORDINGS

    July 11, 2026

    Safe from AI: which jobs will help you thrive in the future?

    July 11, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • About Us
    • Get In Touch
    • Disclaimer
    • Privacy Policy
    • Terms and Conditions
    © 2026 AIToday7. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.