Notorious Conti and Trickbot Ransomware Operators Exposed in Massive Data Leak

• A hacker published several photos and details on cybercriminals connected to Conti and Trickbot ransomware.
• Among the names are hackers using the aliases Stern, Professor, Defender, and Mango.
• He reports sourcing data from semi-closed databases, darknet markets, and even corrupt officials offering access to sensitive state records.

An anonymous whistleblower operating under the moniker GangExposed publicly identified key leaders behind the Conti and Trickbot ransomware groups and shed unprecedented light on the operations of these highly organized cyber-extortion syndicates.

In a calculated data dump, GangExposed released thousands of internal files, chat logs, personal videos, and details of ransom negotiations.

Among those named was Vitaly Nikolaevich Kovalev, known as "Stern," recognized as a pivotal figure within both Trickbot and Conti. The identity was later corroborated by German law enforcement. 

Shortly after, Vladimir Viktorovich Kvitko, or "Professor," was also exposed, with evidence suggesting he relocated from Moscow to Dubai in 2020 to facilitate ongoing attacks on Western organizations. 

Additional members, such as "Defender" (Andrey Yuryevich Zhuykov) and "Mango" (Mikhail Mikhailovich Tsaryov), were identified with supporting photos and background documentation. Defender is the Conti system administrator, while Mango is a key coordinator for Conti/TrickBot.

The U.S. government previously offered up to $10 million for information leading to the apprehension of these individuals. 

GangExposed named another 11 individuals:

• Abdullaev Ilgar Ogly  
• Andreev Fiodor Aleksandrovich 
• Vasilchenko Aleksandr Mikhailovich 
• Galochkin Maxim Sergueevich 
• Zhuikov Andrei Yourievich 
• Zhukov Aleksandr Vadimovich 
• Kareva Ekaterina Vladimirovna 
• Fakeev Oleg Aleksandrovich 
• Khitrov Aleksei Aleksandrovich 
• Khitrov Sergei Aleksandrovich 
• Tsarev Mikhail Mikhailovich 

GangExposed, however, stated that financial incentives were not his motive, instead declaring a desire to disrupt criminal networks and deprive them of safe havens, particularly within the UAE.

Describing himself as an "independent anonymous investigator" with no formal IT background, GangExposed claims to use a blend of classical intelligence analysis, OSINT, linguistic stylometry, and psychological profiling. 

The leak aims to publicly identify and sanction key gang members, disrupt the gangs’ cryptocurrency laundering mechanisms, such as those involving the Blockchain Life forum, and pressure authorities in the UAE to address the presence of cybercriminals operating from their jurisdiction.

Threat intelligence analysts, including those at FalconFeeds, characterize this event as "a high-stakes intelligence war," given the level of access and detail in the releases, speculating that the source behind the leak is either “an ex-member or a disgruntled insider from within the group.”

Last year,  prominent Russian cybercriminal Mikhail Pavlovich Matveev, believed to be connected to several ransomware gangs, like Conti, LockBit, and more, was arrested, as well as a Kyiv native who provided encryption skills to Conti and LockBit.