Revenge hackers leak more Conti ransomware source code


A newer version of the source code for the Conti ransomware has been leaked online, reportedly by the same person who’s been tearing the group apart for the past three weeks.

The incident is the latest in a series of leaks from a Ukrainian cybersecurity researcher who is running a personal vendetta of sorts against Conti, ever since the latter declared it would side with Russia, as it invades its western neighbor.

The source code for Conti version 3 was uploaded to VirusTotal and linked on Twitter. The archive is password-protected, but the password was posted in one of the replies to the Twitter thread.


Conti's chat logs leaked 

This is not the first time the researcher has published Conti’s source code online, but unlike the previous leak, which covered a much older version of the ransomware, this one is dated January 25, 2021, making it at least a year newer than the earlier leak.

BleepingComputer notes that the leaked source code is a Visual Studio solution that anyone can use to compile the ransomware locker and decryptor, and that it works: the publication compiled it with no issues.

While this doesn’t mean whoever gets infected can use the source code to obtain a master key, it does mean that Conti copycats might start popping up, and that could hurt the group’s operations.

Before leaking the source code, the researcher also leaked tens of thousands of private chat messages, some of which might even lead to arrests. Initial investigations suggest the chat logs disclose details such as previously unreported victims, private data leak URLs, bitcoin addresses, and discussions about their operations.

Conti is an active ransomware group, which only recently hit American cookware distributor Meyer, stealing sensitive employee information. 

The group seems to have taken Meyer employees’ full names, physical addresses, birthdates, gender and ethnicity information, Social Security numbers, health insurance information and data on employee medical conditions, random drug screening results, Covid vaccination cards, driver’s licenses, passport data, government ID numbers, permanent resident cards, immigration status information, and information on dependents.

It was also reported that some of the top members of the notorious TrickBot malware family have recently joined Conti’s ranks.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.