Publications and Research

Document Type


Publication Date



The main goal of this paper is to showcase some results from a comprehensive data analysis that we did on the cache of chat logs from the notorious ransomware group Conti. The chat logs were made publicly available on February 27, 2022. They were translated from Russian into English, and contain 393 json files with chat logs from the instant messaging service Jabber. We employ a variety of modern data science tools for text mining, natural language processing, network analysis and geospatial analysis to investigate the Conti chat logs so that we can understand the command and control structure of the network and discover any valuable information hidden in the data, such as Bitcoin, IP, email and web addresses, as well as any other information that can lead to further insights into the inner workings of the Conti group.


B. Kostadinov, J. Liu and J. Rayme, "Using Data Science Tools for Investigating Chat Logs from the Conti Ransomware Group," 2022 IEEE 13th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 2022, pp. 0095-0101, doi: 10.1109/UEMCON54665.2022.9965691.

© 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.