Hacked
Hacked

Wizard Spider

May 2, 2026

AI Summary

5 min read

Investigative journalist Jeff White discusses the Conti ransomware gang—also known as Wizard Spider—with podcast host Jordan. Drawing from massive leaked chat logs released in 2022 after Conti's public support for Russia's Ukraine invasion, White details the group's corporate-like operations, internal tensions, and self-perception as a legitimate business rather than criminals. At its 2021 peak, Conti generated around $180 million annually through affiliates who infiltrated targets, exfiltrated data, encrypted systems, and demanded ransoms, often in cryptocurrency.

Conti's Business Model and Operations

Conti operated as a highly structured enterprise, distinct from looser ransomware groups. It employed salaried programmers and affiliates on bi-monthly payrolls, with HR functions, performance reviews, sick pay, holidays, and bonuses. Affiliates—independent operators—received 80% of ransoms, while Conti took 20% for providing malware and support, creating scale but eroding central control.

Continue reading the full summary in the app — free to try.

Read Full Summary →

Free • No credit card required

Listen to Audio Summary Open in App

What you'll learn

  • 1 (00:00) **Intro to Conti Ransomware Gang** - Overview of Wizard Spider/Conti as corporate-like operation earning $180M/year via affiliates encrypting data and demanding crypto ransoms
  • 2 (02:09) **Stern as Alleged Leader** - Accusations against Stern (Vitaly Kovalev) as head of vast cybercrime network despite low profile
  • 3 (04:42) **Why Investigate Conti** - Jeff White on UK ransomware impact (0.5% GDP, £15B/year) and need for victim-villain-hero story
  • 4 (06:42) **Criminals' Business Mindset** - Gangs reframe ransomware as legitimate service like "post-paid penetration testing"
  • 5 (09:04) **Corporate Structure Details** - Payroll, sick pay, bonuses, recruitment challenges, and reassuring hires/victims of professionalism
  • 6 (10:46) **2022 Leaks Origin** - Insider dump post-Russia-Ukraine invasion amid internal war support dissent; 300K+ messages from Jabber chats
  • 7 (14:00) **Key Insights from Leaks** - Operations, pay rates, Alla Witt arrest response (shocked by her age/gender, plot lawyer payment via victim ransom)

+ Full timestamped outline available in the app

Show Notes

Investigative journalist Geoff White has spent a lot of time inside the leaked communications of Conti — the Russian ransomware gang that ran like a corporation, hit Ireland's national health service, extorted the Costa Rican government, and pulled in $180 million in a single year. Geoff joins us to break down how Conti operated, the internal moral debate over hitting hospitals, the jewellery heist that spooked them into apologizing to Saudi royals, and how he tracked down rare video of the gang's elusive alleged boss, a man almost nobody had ever seen. It's a preview of his new BBC series Cyber Hack, dropping June 1st.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

Hacked

More from this podcast

Hacked →