# Ryuk successor Conti Ransomware releases data leak site **[bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/](https://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/)** Lawrence Abrams By [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) August 25, 2020 01:49 PM 0 Conti ransomware, the successor of the notorious Ryuk, has released a data leak site as part of their extortion strategy to force victims into paying a ransom. In the past, when the TrickBot trojan infected a network, it would eventually lead to the deployment of the Ryuk ransomware as a final attack. [According to Advanced Intel's Vitali Kremez, since July 2020, Ryuk is no longer being](https://twitter.com/VK_Intel) deployed, and in its place, the TrickBot-linked operators, are now deploying the Conti ransomware. Conti is a relatively new private Ransomware-as-a-Service (RaaS) that has recruited experienced hackers to distribute the ransomware in exchange for a large share of the ransom payment. ----- Submissions to ransomware identification site ID Ransomware also show the increased activity of Conti ransomware since June 15th. **Conti submissions to ID-R** Ryuk on the other hand, has seen a steady decline since July. **Ryuk subnmissions** ## Conti releases a data leak site When human-operated ransomware operations attack a corporate network, they commonly steal unencrypted data before encrypting the files. This stolen data is then used as leverage to get a victim to pay the ransom under threat that [the files will be released on ransomware data leak sites.](https://www.bleepingcomputer.com/news/security/list-of-ransomware-that-leaks-victims-stolen-files-if-not-paid/) Conti ransomware has been active since this summer, but it wasn't until recently that it released its own 'Conti.News' data leak site. ----- **Conti data leak site** This data leak site currently lists twenty-six victims, with some of the names being large and well-known companies. For each victim listed, a dedicated page is created that contains samples of the stolen data. ----- **Leaked data** The ransomware's adoption stealing data to be used in extortion is also reflected in the latest ransom notes from Conti. In the past, the ransomware operators would just include a message that the victim was encrypted, and include two email addresses to contact them. Conti ransom notes now include specific language stating that they will publish a victim's data if a ransom is not paid, as shown below. ----- **Conti ransom note** Other ransomware operations that steal or have stolen unencrypted files to extort their victims include Ako, Avaddon, Clop, CryLock, DoppelPaymer, Maze, MountLocker, Nemty, Nephilim, Netwalker, Pysa/Mespinoza, Ragnar Locker, REvil, Sekhmet, Snatch, and Snake. ### Related Articles: [New Bumblebee malware replaces Conti's BazarLoader in cyberattacks](https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-replaces-contis-bazarloader-in-cyberattacks/) [Snap-on discloses data breach claimed by Conti ransomware gang](https://www.bleepingcomputer.com/news/security/snap-on-discloses-data-breach-claimed-by-conti-ransomware-gang/) [Shutterfly discloses data breach after Conti ransomware attack](https://www.bleepingcomputer.com/news/security/shutterfly-discloses-data-breach-after-conti-ransomware-attack/) [Industrial Spy data extortion market gets into the ransomware game](https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/) [The Week in Ransomware - May 20th 2022 - Another one bites the dust](https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-20th-2022-another-one-bites-the-dust/) [Conti](https://www.bleepingcomputer.com/tag/conti/) [Data Exfiltration](https://www.bleepingcomputer.com/tag/data-exfiltration/) [Ransomware](https://www.bleepingcomputer.com/tag/ransomware/) [Ryuk](https://www.bleepingcomputer.com/tag/ryuk/) [TrickBot](https://www.bleepingcomputer.com/tag/trickbot/) [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies. [Previous Article](https://www.bleepingcomputer.com/news/software/firefox-80-released-with-new-and-faster-extensions-blocklist/) ----- [Next Article](https://www.bleepingcomputer.com/news/google/google-chrome-is-now-faster-delivers-10-percent-quicker-page-loads/) Post a Comment [Community Rules](https://www.bleepingcomputer.com/posting-guidelines/) You need to login in order to post a comment [Not a member yet? Register Now](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register) ### You may also like: -----