The goal of this repository is to share the translation of leaked chats related to the Conti Ransomware group. The original files leaked at https://share.vx-underground.org/Conti/ were mainly in Russian. We've used the paid (API from Google) to perform these translations. We've decided to share it to facilitate the analysis from the community, improve the understanding of ransom-as-a-service group modus operandi, and flourish law enforcement actions against ransomware actors. The translated files are the following.
- "Conti Chat Logs 2020.7z": 148 .json files were parsed and merged; and the content of the messages were translated to English. The output file is called "jabber_chat_2020_translated.csv"
- "Conti Jabber Chat Logs 2021 - 2022.7z": 396 .json files were parsed and merged; and the content of the messages were translated to English. The output file is called "jabber_chat_2021_2022_translated.csv"
- "Conti Rocket Chat Leaks.7z": 8 folders containing 1560 .json files were parsed and merged; and the content of the messages were translated to English. The output file is called "rocket_chat_translated.csv". Files with extension .list and files called userlist.json were not parsed. The columns of the parsed file contain all fields from the original raw files.
Northwave security is an internationally acknowledged CERT. We are ISO 27001 and ISO 9001 certified. We are co-founders of the European Cyber Security Federation and the Dutch cyber-sector confederation “Cyberveilig Nederland”. Steven Dondorp, Northwave’s CEO, is Chairman of Cyberveilig Nederland.
import pandas as pd
df_2020 = pd.read_csv('https://github.com/NorthwaveSecurity/complete_translation_leaked_chats_conti_ransomware/blob/main/jabber_chat_2020_translated.csv?raw=true',index_col=0)
df_2021 = pd.read_csv('https://github.com/NorthwaveSecurity/complete_translation_leaked_chats_conti_ransomware/blob/main/jabber_chat_2021_2022_translated.csv?raw=true',index_col=0)
df = pd.concat([df_2020,df_2021]).reset_index(drop=True)