{
	"id": "6a334852-3f8c-4911-9aa1-47376b7b6f26",
	"created_at": "2026-04-06T00:20:19.17331Z",
	"updated_at": "2026-04-10T13:12:14.145029Z",
	"deleted_at": null,
	"sha1_hash": "5376fd434c64733800a855f19e29f330892059e2",
	"title": "Conti and Hive ransomware operations: What we learned from these groups' victim chats",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 30292,
	"plain_text": "Conti and Hive ransomware operations: What we learned from\r\nthese groups' victim chats\r\nBy Cisco Talos\r\nPublished: 2022-05-03 · Archived: 2026-04-05 14:12:18 UTC\r\nTuesday, May 3, 2022 08:00\r\nAs part of Cisco Talos’ continuous efforts to learn more about the current ransomware landscape, we recently\r\nexamined a trove of chat logs between the Conti and Hive ransomware gangs and their victims.\r\nRansomware-as-a-service groups have exploded in popularity over the past few years, with these groups\r\ncontinually adding new affiliates and tools. In the past, we’ve learned more about these groups by speaking\r\ndirectly with operators and examining these groups’ changing tactics, techniques and procedures (TTPs).\r\nTalos researchers recently spent weeks combing through chat logs and other information we obtained from Hive\r\nand Conti operators' conversations with victims. These conversations had not previously been made public. The\r\nresearch paper we’re releasing today contains new insights into how Conti and Hive choose their targets, negotiate\r\nwith victims,  operate internally, and much more.\r\nSource: https://blog.talosintelligence.com/2022/05/conti-and-hive-ransomware-operations.html\r\nhttps://blog.talosintelligence.com/2022/05/conti-and-hive-ransomware-operations.html\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://blog.talosintelligence.com/2022/05/conti-and-hive-ransomware-operations.html"
	],
	"report_names": [
		"conti-and-hive-ransomware-operations.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434819,
	"ts_updated_at": 1775826734,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5376fd434c64733800a855f19e29f330892059e2.pdf",
		"text": "https://archive.orkl.eu/5376fd434c64733800a855f19e29f330892059e2.txt",
		"img": "https://archive.orkl.eu/5376fd434c64733800a855f19e29f330892059e2.jpg"
	}
}