Conti ransomware source code leaked by Ukrainian researcher


A Ukrainian researcher who recently leaked tens of thousands of chat messages belonging to the operators of the Conti ransomware has now published the malware's source code.

Following the initial leak, in which 60,000 messages were pushed online, the same researcher leaked another 107,000 internal messages, and after that the source code for multiple Conti tools, including the group's administration panel, the BazarBackdoor API, and the Conti ransomware encryptor, decryptor, and builder.

The latter three came in a password-protected archive, but it was soon cracked by another researcher, giving everyone free and easy access to Conti's underbelly.


Conti's image taking a hit

While this doesn't necessarily spell doom for Conti, it could lead to the creation of additional ransomware groups: other threat actors can now take the source code, modify and rebrand it, and deploy it against vulnerable endpoints.

Whether or not that will be the case, and what it will mean for Conti, remains to be seen. Media reports speculate that the leak will be a major blow to the ransomware gang's reputation, which could result in affiliates moving elsewhere.

The Russian invasion of Ukraine doesn't seem to be paying off. Besides heavy sanctions and the country's exclusion from various international organizations and infrastructure, the backlash has also spilled into the cyber realm.

Conti has found itself on thin ice in the internet's underworld after it announced it was siding with Russia and threatened retaliation against anyone who attacked the country's digital infrastructure. As many of its affiliates appear to be of Ukrainian origin, it wasn't long before Conti was forced to alter its stance and declare "neutrality".

However, that doesn’t seem to have helped the group much, as the Ukrainian leakster continues to expose the group’s dirty laundry on the internet. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.