1/ There's an interesting thread on a Russian cybercrime forum about how often the Conti ransomware group hacks Russian servers, which frequently show up in the bot panels Conti uses alongside victim PCs at Western firms. However, Conti alone decides which victims get ransomed.
2/ Conti, like virtually all other Russia-based cybercriminal groups, scrupulously avoids ransoming RU victims, as do their affiliates. BUT, these RU companies are technically still victims of malware that steals prodigious amounts of sensitive information.
3/ On any given week, I'll notify several companies that ransomware groups are in their systems. But I rarely if ever notify Russian victims. I decided that was short-sighted. The reason is that groups like Conti are fine in RU as long as no one in RU is complaining about them.
4/ So I thought, what would happen if someone started making sure that all RU victims of Conti got notified of their victimization? Would that change anything? I guess we'll find out.
5/ In the past couple of weeks, e.g., Conti has hacked one of the largest oil companies in RU, as well as the Bank of Moscow. Also one of its largest nickel producers. A process controls system maker. And a point-of-sale provider. And a fairly large maritime shipping concern.