Conti ransomware

A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals who are siding with Russia in its invasion of Ukraine.

Conti is an elite ransomware gang run by Russian-based threat actors. With their involvement in the development of numerous malware families, it is considered one of the most active cybercrime activities.

However, after the Conti Ransomware operation sided with Russia in its invasion of Ukraine, a Ukrainian researcher named ‘Conti Leaks‘ decided to leak data and source code of the ransomware gang in revenge.

Constantly siding with Russia in the invasion of UkraineConstantly siding with Russia in the invasion of Ukraine
Source: BleepingComputer

Last month, the researcher published nearly 170,000 internal chat conversations between the Conti ransomware gang members, from January 21, 2021 to February 27, 2022. These chat messages provide detailed insights into the operation’s activities and the involvement of the members.

The researcher later leaked the old Conti ransomware source code dated September 15, 2020. Although the code was quite old, researchers and law enforcement were able to analyze the malware to better understand how it works.

More recent Conti source code released

Today Conti Leaks uploaded the source code for Conti version 3 to VirusTotal and posted a link on Twitter. Although the archive is password protected, the password should be easily determined from the following tweets.

source conti v3. https://t.co/1dcvWYpsp7

— conti leaks (@ContiLeaks) March 20, 2022

This source code is much newer than the previously released version, with the last modified date being January 25, 2021, making it more than a year newer than the previously released code.

Conti Locker version 3 source code
Source: BleepingComputer

Like the previous version, the source code leak is a Visual Studio fix that allows anyone with access to compile the ransomware locker and decryptor.

Compiling the Conti source in Visual StudioCompiling the Conti source in Visual Studio
Source: BleepingComputer

The source code compiles flawlessly and can be easily modified by other threat actors to use their own public keys or add new functionality.

As you can see below, BleepingComputer compiled the source code without any problems, creating the executable files cryptor.exe, cryptor_dll.dll, and decryptor.exe.

Compiled Conti . executablesCompiled Conti . executables
Source: BleepingComputer

Releasing ransomware source code, especially for advanced operations like Conti, could have disastrous consequences for corporate networks and consumers. This is because it is very common for other threat actors to use the released source code to create their own ransomware operations.

In the past, a researcher published the source code for a ransomware called “Hidden Tear” that many threat actors quickly adopted to launch various operations.

Although Hidden Tear can be decrypted, it led to a plague of new ransomware infections that terrorized consumers and businesses for years.

More recently, a threat actor leaked the source code for the Babuk ransomware on a Russian-speaking hacking forum.

Within days, other threat actors were exploiting the source code for their use and new ransomware operations were launched, such as Rook and Pandora.

With the ongoing leaks of the Conti ransomware gang’s source code, it’s only a matter of time before other threat actors use it to launch their own operations.



This post More Conti ransomware source code leaked on Twitter in revenge

was original published at “https://www.bleepingcomputer.com/news/security/more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge/”

LEAVE A REPLY

Please enter your comment!
Please enter your name here