Ukrainian researcher leaked the source code of Conti Ransomware

A Ukrainian researcher leaked the source for the Conti ransomware and components for the control panels.

Recently a Ukrainian researcher leaked 60,694 messages internal chat messages belonging to the Conti ransomware operation after the announcement of the group of its support to Russia. He was able to access the database XMPP chat server of the Conti group.

Clearly, the attack against the Conti ransomware and the data leak is retaliation for its support for the Russian invasion of Ukraine.

The attack will have a significant impact on the operation of the gang, considering also that many Conti’s affiliates are Ukrainian groups.

The researchers who leaked the data belonging to Conti’s communications announced more dumps are coming, and now he is leaking the source for their ransomware, including the administrative console.

According to BleepingComputer, the researcher leaked additional 148 JSON files containing 107,000 internal messages since June 2020, a time-lapse that covers the entire life of the group since its launch.

The leaked data in this second round include the source code for the Conti ransomware encryptor, decryptor, and builder, along with the administrative panel and the BazarBackdoor API.

The source code for the ransomware is contained in a password-protected archive, despite the researcher did not leak the password, another expert cracked it and share it.

The public availability of the source code could temporarily destroy the Conti ransomware operation because security experts could perform reverse engineering to determine how it works and develop a working decrypted.

On the other side, other threat actors could perform reverse engineering to develop their own version of the threat, a circumstance that opens to worrisome scenarios.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Conti Ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Next Anonymous and its affiliates continue to cause damage to Russia »

Previous « IsaacWiper, the third wiper spotted since the beginning of the Russian invasion

Published by

Pierluigi Paganini

Tags: Conti ransomwaredata breachHackinghacking newsinformation security newsPierluigi PaganiniRussiaSecurity AffairsSecurity NewsUkraine

3 years ago

Russian media outlets Telegram channels blocked in European countries

Telegram restricted access to Russian state-owned news channels in several European countries, including Poland, France,…

3 hours ago

Intelligence

Three Russian-German nationals charged with suspicion of secret service agent activity

German authorities have charged three Russian-German nationals with suspicion of, among other things, secret service agent activity…

6 hours ago

Lumen reports that it has locked out the Salt Typhoon group from its network

Lumen reports that the Salt Typhoon hacking group, which targeted at least nine U.S. telecom…

8 hours ago

Breaking News

Proposed updates to HIPAA Security Rule mandate to restore the loss of certain relevant electronic information systems and data within 72 hours

HHS OCR proposed updates to the HIPAA Security Rule to boost cybersecurity for electronic protected…

22 hours ago

Laws and regulations

U.S. Treasury sanctions Russian and Iranian entities for interfering in the presidential election

The U.S. Treasury sanctioned entities for disinformation tied to Russian and Iranian intelligence before the…

1 day ago

Cyber Crime

Rhode Island ’s data from health benefits system leaked on the dark web

Rhode Island ’s health benefits system was hacked, and threat actors leaked residents' data on…

2 days ago

This website uses cookies.