An angry Conti affiliate publicly leaked information about the ransomware gang on a popular Russian-speaking hacking forum.
This affiliate accused the gang of paying him a paltry sum of $1,500, while the rest of the team earned millions of dollars from ransoms paid by the victims.
Normally the core team earns 20-30% of a ransom payment, while the affiliates earn the rest.
Under his post, the affiliate attached Images of Cobalt Strike beacon configurations, which contain the IP addresses used for command and control servers used by the ransomware gang.
The affiliate further shared an archive of 111 MB of files, including hacking tools, manuals in Russian, training materials and help documents, which were made available to affiliates when performing Conti ransomware attacks.
This leak illustrates the vulnerability of ransomware-as-a-service operations because a singly unhappy affiliate could lead to the exposure of carefully cultivated information and resources that are used for attacks.
For more information, read the original story in Bleeping Computer.