New Conti ransomware source code leaked by Ukrainian security researcher


New leak adds to the internal Conti chat logs made public in February

A Ukrainian security researcher has published more source code from the Conti ransomware operation in retaliation for the gang's support for Russia during its invasion of Ukraine.

This is the latest in a series of leaks from the researcher known as 'Conti Leaks', who has been disclosing the gang's confidential information ever since Conti announced that it would support Russia as the country invaded its western neighbour.

On Sunday, Conti Leaks posted the source code for Conti version 3 to VirusTotal and also shared the link on Twitter.

While the archive is password-protected, the password was revealed in one of the replies to the Twitter thread.

Conti is a Russian-speaking ransomware gang known for operating a ransomware-as-a-service (RaaS) business model to extort money from victims.

The group is regarded as one of the most active cybercrime organisations in the world, in part because of its involvement in the development of several malware families.

Conti began its attacks in 2019 and has since been blamed for ransomware attacks on a number of organisations in the United States and Europe, including the Irish Health Service Executive (HSE) and the high street chain FatFace.

Last month, internal discussion logs from the organisation were leaked to the public for the first time after the gang announced support for Russia's invasion of Ukraine.

'Conti Leaks' reportedly hacked the gang's internal Jabber/XMPP server and sent internal logs to multiple security researchers and journalists. The leaked files contained thousands of messages dating from 21 January 2021 to 27 February 2022 and also included information on previously undisclosed victims, bitcoin addresses, private data breach URLs and discussions regarding the gang's actions.

Experts believe these internal communications provide detailed insight into the gang's activities and the roles of its members.

After leaking Conti's chat messages, the researcher also released the source code of an older version of the Conti ransomware, dated September 15, 2020.

Although that code was somewhat dated, it enabled researchers and law enforcement to analyse the malware and gain a better understanding of how it operates.

The Ukrainian security researcher has now published the source code for Conti version 3, which was last edited on January 25th, 2021, making it roughly four months newer than the code previously provided by Conti Leaks.

According to Bleeping Computer, the source code compiles without error and could easily be modified by other threat groups to add new features or to encrypt with their own public keys.

The leak could also temporarily disrupt the Conti ransomware operation as security professionals reverse-engineer the code to learn how the ransomware operates and, where its cryptography allows, to develop a working decryptor.

Earlier this week, the security firms eSentire and BreakPoint Labs shared details of an affiliate of the Conti ransomware gang, and urged organisations to watch for Indicators of Compromise (IoCs) associated with the threat actor.

The researchers provided newly identified accounts, specific IP addresses, domain names and Protonmail email addresses linked to the Conti affiliate, as well as details of the vulnerabilities it exploits to attack its victims.