A security researcher aggrieved by the Conti ransomware gang's support for the Russian government has been leaking its internal data in batches.
The trove contains Conti's internal chat messages, backdoor malware APIs, server screenshots, and the source code for its malware builder, encryptor, and decryptor. All of this is now public and could be reused by other threat actors to build their own ransomware.
Leaking Conti Ransomware Source Code
Last month, Conti's decision to side with Russia in its war against Ukraine provoked many of its affiliates, especially the Ukrainian ones. While they vented in underground forums, a security researcher who had been tracking the Conti gang for some time decided to expose the group's secrets to the public.
BREAKING: @HoldSecurity tells me Conti's systems have been infiltrated by cybercrime researchers for some time. The data was dumped by a Ukrainian cyber security researcher pissed off after Conti expressed support for Russia in the conflict. #infosecurity
— The Ransomware Files (@ransomwarefiles) February 28, 2022
On Sunday, he started sharing a trove of data belonging to Conti on Twitter through the @ContiLeaks handle. He initially leaked 393 JSON files containing over 60,000 internal messages from the private XMPP chat server used by the Conti and Ryuk ransomware gangs.
Those messages span January 21st, 2021 to February 27th, 2022, and contain sensitive details such as the Conti gang's modus operandi, bitcoin addresses, and plans for evading law enforcement.
The very next day, more data followed in the form of 148 additional JSON files holding over 107,000 internal messages dating back to June 2020, when the Conti operation began.
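The leaked chat dumps are plain JSON, and one of the first things an analyst wants from them is the set of bitcoin addresses the gang discussed. The example below is added here and is not code from the leak or from the article's author: it walks any JSON structure (the real dump's schema is not documented on this page, so the sample message layout and field names are constructed assumptions), pulls out every string that looks like a bitcoin address, and then verifies each candidate's checksum (Base58Check for legacy `1…`/`3…` addresses, bech32/bech32m for `bc1…`) so that random base58-looking tokens in chat text are not mistaken for wallets.

```python
import hashlib
import json
import re

# Constructed sample in the spirit of an XMPP chat export; field names are assumptions.
# The first address is the genesis-block address, the second a BIP173 test vector,
# the third is the genesis address with its last character altered (bad checksum).
SAMPLE_DUMP = json.dumps({
    "messages": [
        {"from": "ops@chat.example", "ts": "2021-06-01T10:00:00Z",
         "body": "send to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa before monday"},
        {"from": "ops@chat.example", "ts": "2021-06-01T10:02:00Z",
         "body": "new wallet bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"},
        {"from": "dev@chat.example", "ts": "2021-06-02T09:00:00Z",
         "body": "typo in the old one? 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb",
         "attachments": [{"name": "builder_v2.zip"}]},
    ]
})

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
LEGACY_RE = re.compile(r"\b[13][" + B58 + r"]{25,34}\b")
BECH32_RE = re.compile(r"\bbc1[" + BECH32 + r"]{6,87}\b", re.IGNORECASE)


def base58check_valid(addr: str) -> bool:
    """Decode Base58Check and compare the trailing 4-byte double-SHA256 checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    # Each leading '1' encodes a leading zero byte.
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + (n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b"")
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def _bech32_polymod(values):
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk


def bech32_valid(addr: str) -> bool:
    """Verify the bech32 (constant 1) or bech32m (constant 0x2bc830a3) checksum."""
    addr = addr.lower()
    pos = addr.rfind("1")
    hrp, data = addr[:pos], addr[pos + 1:]
    if hrp != "bc" or any(c not in BECH32 for c in data):
        return False
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    return _bech32_polymod(expanded + [BECH32.index(c) for c in data]) in (1, 0x2BC830A3)


def iter_strings(obj):
    """Yield every string value found anywhere in a parsed JSON object."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from iter_strings(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from iter_strings(v)


def scan_dump(json_text: str) -> dict:
    """Map each address-like token in the dump to whether its checksum verifies."""
    found = {}
    for s in iter_strings(json.loads(json_text)):
        for m in LEGACY_RE.finditer(s):
            found[m.group(0)] = base58check_valid(m.group(0))
        for m in BECH32_RE.finditer(s):
            found[m.group(0)] = bech32_valid(m.group(0))
    return found


if __name__ == "__main__":
    for addr, ok in sorted(scan_dump(SAMPLE_DUMP).items()):
        print(f"{'VALID  ' if ok else 'INVALID'} {addr}")
```

Checksum verification matters because the legacy pattern will happily match any 26 to 35 character base58 token such as a hash fragment or a password; only candidates that verify are worth feeding into blockchain analysis. To run this over a real dump, replace `SAMPLE_DUMP` with the contents of each JSON file in the leak directory.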
This batch also includes the source code for the gang's administrative panel, the BazarBackdoor API, screenshots of storage servers, and more. The most significant item, however, is a password-protected archive containing the source code for Conti's encryptor, decryptor, and builder.
Although the archive was password-protected, another researcher managed to crack it and published the code openly. Given the turmoil this has caused inside the Conti operation, many of its affiliates may migrate to other ransomware groups.
While the leak hurts the Conti gang right now, it may prove bad for the wider security community as well: the published source code lowers the bar for other threat actors to stand up their own ransomware operations, and copycat builds based on it may appear soon.