We are exclusively publishing the interview that we conducted with the Meow Leaks group and which they gave us in these last hours.
We had known the Meow Leaks group as a group attributable, at least for the programming code used, to the Conti (v2) ransomware group. A belief also due to the analyzes carried out on the group published on various websites in the sector, but from the answers he gave us in the interview, evidently, we were wrong.
According to the group’s administrator, no ransomware software is used, the data is not encrypted but only exfiltrated and then put on sale on his new website which the author himself likes to define as “Market Meow Leaks”. A totally renewed website, put back online today with the same IP address used before it was taken offline by the same administrator during the last days of last month while awaiting the definitive restyling.
Furthermore, from the answers he provided, Meow Leaks would not attack medical, hospital and educational institutions
img. SOCRadar,io – Old web site
New web site – Screenshot and redaction by SuspectFile.com
SuspectFile: We have seen the redesign of your new website on the Tor network that you call “Market Meow Leaks”. It has become a true data marketplace, which is very rare to see among other groups’ blogs. So, there is no publication of exfiltrated data if a victim doesn’t pay the ransom, but only the sale of their data at very reasonable prices?
Meow Leaks: What is the point of communicating with the victim for a long time, if there are really interested people with big wallets )
SuspectFile: Currently, your blog lists 9 victims, which is much fewer than the number listed before the redesign. What is an approximate number of victims you have hit so far, and in which fields?
Meow Leaks: There are a lot of them. One of my servers hosts more than 200 companies, which is a very large amount of data. But it’s all gradual!
SuspectFile: Previously, your group was attributed the name “MeowCorp”, referring to the period of August 2022, and analysts determined that the encryptor was based on the one previously used by “Conti v2”. According to reports by analysts, the group disappeared and then reappeared towards the end of 2023 as Meow Leaks. What can you tell us about this?
Meow Leaks: I have nothing to do with conti, it’s a brand new project, it’s a big platform for everyone. Currently, the number of clients is increasing every day. These are different countries, different areas of buyers.
SuspectFile: Are there “deontological boundaries”, if I may use the term, within which Market Meow Leaks will not operate? For example, hospitals, education…
Meow Leaks: We don’t work with children, we don’t work with certain countries. But I think you realize that a data market is a data market. We don’t do ransomware
SuspectFile: Are there potential victims operating in countries where your group will never attack?
Meow Leaks: As I said, we don’t work with specific countries. We also will not post information about children with disabilities in the US and other countries, it is too low for us.
SuspectFile: We do not have enough elements to define Market Meow Leaks as an RaaS group. What can you tell us about this?
Meow Leaks: The media just needs to write that we’re ransomware, but we’re not.
SuspectFile: Despite your group being active for several months, very little is known about you. This has allowed you, until now, to avoid “law enforcement attention”. The downside is that perhaps this choice has prevented you from being considered a credible group because you are not very active?
Meow Leaks: Don’t think so, the FBI is very interested in Meow Leaks. Hi FBI! )
SuspectFile: What do you think about the spread of the LockBit code and previously that of Conti, and the increasing number of new groups emerging due to this data leak? These groups are often formed by very young individuals without programming knowledge.
Meow Leaks: script kiddie ) There are a lot of kids nowadays who don’t know how to code and open ransomware, which can be decrypted the next day.
SuspectFile: In the past, you used the ChaCha20 algorithm to encrypt data after exfiltrating it. Is this still the case? Also, have you developed your own code for your software, or is it still based on the one used in the past?
Meow Leaks: We’re not ransomware
SuspectFile: Recently, some well-known ransomware groups have disbanded for various reasons, including total disagreement over certain “guidelines” imposed by the group’s leadership. Did Market Meow Leaks arise from the dissolution of other groups, or did you decide it was time to work on your own, as many others have done?
Meow Leaks: I am legion. I’m alone
SuspectFile: How would you define your group?
Meow Leaks: Market Meow Leaks
SuspectFile: It is not the first time that a group decides, at some point, to disappear, keeping not only the victims’ ransoms but also the unpaid percentages to their affiliates, as happened in the past with Conti and more recently with Alphv. What is your opinion on the actions of these two groups?
Meow Leaks:Unfortunately, everyone has their price, I have never worked with Alpha and told others not to work – they will screw you later. Which is exactly what happened. It’s fashionable now. That’s why Meow Leaks offers its partners full transparency, where they are their own masters.
– Now some questions we ask every group we interview –
SuspectFile: SuspectFile.com has read hundreds of negotiation chats from various groups. In some cases, communication problems arose during negotiations. The victim asked for concrete proof of data loss and files, but the operator could not respond because all the data was in the hands of the affiliate who hit the victim. Don’t you think such situations could undermine the trust and credibility of a ransomware group?
Meow Leaks: As I said in the last question: On Meow Leaks, everyone is their own boss.
SuspectFile: Do you, like other groups, believe that a security company, on which companies rely as a “negotiator”, will ultimately reach a secret agreement with a ransomware group? Has this ever happened to you?
Meow Leaks: The only thing I know is that security companies just suck money out of the victim, and in the end the victim is left without everything. But with us it’s different, there’s no point in having a dialog with a security company because we don’t encrypt companies. The security company can only call a Wall Street negotiator to negotiate a price.
SuspectFile: Indeed, most companies in any sector invest little or nothing in cybersecurity. But beyond that, what are the main shortcomings that companies should address, considering that often (even in your case), untrained personnel inadvertently open the main door to corporate IT systems (e.g., through phishing emails)?
Meow Leaks: Everyone has their own head on their shoulders, and the human factor has not been canceled.
SuspectFile: Besides money and your skills, what are the reasons, if any, that led you to take this path in your life?
Meow Leaks: I remember I did a bug bounty program a long time ago, but it was a scam, it didn’t pay out. What’s the point of me wasting my time for $500 if I can get $5,000,000. Now that I have the money, I’m giving other people the opportunity to make money.