Conti ransomware group updated their blog recently to indicate that organizations affected by Conti’s malware but have declined to reach out or negotiate a ransom payment will have their data sold or published online.

Their blog listed multiple victims of their operations and stated, “We are looking for a buyer to access the network of this network and sell data from their network.”

Fabian Wosar, CTO at Emsisoft commented on this incident saying, “I wonder if they are about to close down their operation and want to sell data or access from an in-progress breach before they do, but it’s somewhat stupid to do it that way as you will alert the companies that they have a breach going on.”

Conti’s alteration of methods was caused by U.S Government working with private sectors that pwned REvil’s internal systems. The affiliate group posted “ANNOUNCEMENT.REVILIVES” which described their operation as unilateral, extraterritorial, and bandit-mugging behavior of the United States in world affairs.

Source: https://twitter.com/_ACECODE/status/1451609936501227523

“Is there a law, even an American one, even a local one in any county of any of the 50 states, that legitimize such indiscriminate offensive action?”, reads Conti’s blog. They further stated that there are no laws that allow the government to hack servers of foreign countries, “Infrastructure is not flying there in space or floating in neutral waters. It is a part of someone’s sovereignty.”

They called the attack against REvil servers “another drop in the ocean of blood, which started because of NSA, CIA, FBI, and many others,” and urged Americans to take control over their country by expelling powerful organizations in the U.S to become a truly free nation.