{
	"id": "1e632d4f-d1fb-4c9b-b2f6-b50daabaad68",
	"created_at": "2026-04-06T00:07:16.081146Z",
	"updated_at": "2026-04-10T03:23:52.101572Z",
	"deleted_at": null,
	"sha1_hash": "fe08f7b88b0b13cd5f5d0885b53978f9e2de5e0d",
	"title": "Ryuk successor Conti Ransomware releases data leak site",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3916630,
	"plain_text": "Ryuk successor Conti Ransomware releases data leak site\r\nBy Lawrence Abrams\r\nPublished: 2020-08-25 · Archived: 2026-04-05 14:32:53 UTC\r\nConti ransomware, the successor of the notorious Ryuk, has released a data leak site as part of their extortion strategy to\r\nforce victims into paying a ransom.\r\nIn the past, when the TrickBot trojan infected a network, it would eventually lead to the deployment of the Ryuk\r\nransomware as a final attack.\r\nAccording to Advanced Intel's Vitali Kremez, since July 2020, Ryuk is no longer being deployed, and in its place, the\r\nTrickBot-linked operators, are now deploying the Conti ransomware.\r\nhttps://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/\r\nPage 1 of 6\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/\r\nPage 2 of 6\n\nVisit Advertiser websiteGO TO PAGE\r\nConti is a relatively new private Ransomware-as-a-Service (RaaS) that has recruited experienced hackers to distribute the\r\nransomware in exchange for a large share of the ransom payment.\r\nSubmissions to ransomware identification site ID Ransomware also show the increased activity of Conti ransomware since\r\nJune 15th.\r\nConti submissions to ID-R\r\nRyuk on the other hand, has seen a steady decline since July.\r\nRyuk subnmissions\r\nConti releases a data leak site\r\nWhen human-operated ransomware operations attack a corporate network, they commonly steal unencrypted data before\r\nencrypting the files.\r\nThis stolen data is then used as leverage to get a victim to pay the ransom under threat that the files will be released on\r\nransomware data leak sites.\r\nConti ransomware has been active since this summer, but it wasn't until recently that it released its own 'Conti.News' data\r\nleak site.\r\nhttps://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/\r\nPage 3 of 6\n\nConti data leak site\r\nThis data leak site currently lists twenty-six victims, with some of the names being large and well-known companies.\r\nFor each victim listed, a dedicated page is created that contains samples of the stolen data.\r\nLeaked data\r\nThe ransomware's adoption stealing data to be used in extortion is also reflected in the latest ransom notes from Conti.\r\nIn the past, the ransomware operators would just include a message that the victim was encrypted, and include two email\r\naddresses to contact them.\r\nConti ransom notes now include specific language stating that they will publish a victim's data if a ransom is not paid, as\r\nshown below. \r\nhttps://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/\r\nPage 4 of 6\n\nConti ransom note\r\nOther ransomware operations that steal or have stolen unencrypted files to extort their victims include Ako, Avaddon, Clop,\r\nCryLock, DoppelPaymer, Maze, MountLocker, Nemty, Nephilim, Netwalker, Pysa/Mespinoza, Ragnar Locker, REvil,\r\nSekhmet, Snatch, and Snake.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nhttps://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/\r\nPage 5 of 6\n\nSource: https://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/\r\nhttps://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/"
	],
	"report_names": [
		"ryuk-successor-conti-ransomware-releases-data-leak-site"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434036,
	"ts_updated_at": 1775791432,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fe08f7b88b0b13cd5f5d0885b53978f9e2de5e0d.pdf",
		"text": "https://archive.orkl.eu/fe08f7b88b0b13cd5f5d0885b53978f9e2de5e0d.txt",
		"img": "https://archive.orkl.eu/fe08f7b88b0b13cd5f5d0885b53978f9e2de5e0d.jpg"
	}
}