In October, the infamous ransomware gang known as Conti released thousands of files stolen from the UK jewelry store Graff.
Now, the hackers would like the world to know that they regret their decision, perhaps in part because they released files belonging to very powerful people.
Videos by VICE
Among the data Conti leaked, there were sensitive files belonging to celebrities like David Beckham, Oprah Winfrey, and Donald Trump, according to The Daily Mail. There was also, according to the hackers themselves, information belonging to the UAE, Qatar, and Saudi royal families.
And the hackers really don’t want to piss them off.
“We found that our sample data was not properly reviewed before being uploaded to the blog,” the hackers wrote in an announcement published on Thursday. “Conti guarantees that any information pertaining to members of Saudi Arabia, UAE, and Qatar families will be deleted without any exposure and review.”
“Our Team apologizes to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal Families whose names were mentioned in the publication for any inconvenience,” the hackers added.
The hackers also said that other than publishing the data on their site, they did not sell it or trade, and that from now on they will “implement a more rigid data review process for any future operations.”
Conti did not immediately respond to a request for comment sent via its official site.
Allan Liska, a researcher at cybersecurity firm Recorded Future who tracks ransomware, said that the hackers must have gotten scared of potential retaliation from the Arab states.
“Bluntly, UAE sends assassination teams to deal with people they don’t like. The US and UK don’t do that (any more). Even ransomware groups are subject to political pressure. My guess is that they had a conversation with someone in the Kremlin who told that this was a bad idea and so they removed the data,” Liska told Motherboard in an online chat. “This is their way of covering it up.”
Do you have more information about a ransomware incident or a ransomware gang? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email lorenzofb@vice.com
But Brett Callow, a researcher who focuses on ransomware at Emsisoft, is not so sure.
“The nutso ramblings of a drunk? Either that or a statement intended to confuse and obfuscate. Smoke and mirrors. Some analysts have speculated that the apology is the result of pressure from the Russian government, but that seems unlikely,” he told Motherboard in an email. “A public apology like this would simply cause further embarrassment to the individuals it names. Also, Conti has hit Saudi-based companies in the past, so obviously has no problems operating in that part of the world.”
The hackers, in any case, said they will continue to publish data obtained from Graff, especially “as much Graff’s information a possible regarding the financial declarations made by the US-UK-EU Neo-liberal plutocracy, which engages in obnoxiously expensive purchases when their nations are crumbling under the economic crisis, unemployment, and COVID.”
Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.