Hacker leaked a new version of Conti ransomware source code on Twitter

A Ukrainian security researcher has leaked more source code from the Conti ransomware operation to protest the gang’s position on the conflict.

Hacker leaked a new version of the Conti ransomware source code on Twitter as retaliation of the gang’s support to Russia

The attack against the Conti ransomware and the data leak is retaliation for its support for the Russian invasion of Ukraine.

The attack will have a significant impact on the operation of the gang, considering also that many of Conti’s affiliates are Ukrainian groups.

Recently a Ukrainian researcher leaked 60,694 messages internal chat messages belonging to the Conti ransomware operation after the announcement of the group of its support to Russia. He was able to access the database XMPP chat server of the Conti group.

In a second round, the expert leaked the old source code for the Conti ransomware encryptor, decryptor, and builder, along with the administrative panel and the BazarBackdoor API. The leaked old Conti ransomware source code is dated September 15th, 2020.

The source code for the ransomware is contained in a password-protected archive, despite the researcher did not leak the password, another expert cracked it and share it.

The public availability of the source code could temporarily destroy the Conti ransomware operation because security experts could perform reverse engineering to determine how it works and develop a working decrypted.

On the other side, other threat actors could perform reverse engineering to develop their own version of the threat, a circumstance that opens to worrisome scenarios.

Now the Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation, the code is dated January 25th, 2021.

The code appears to be more recent than the previous leak, according to Bleeping Computer Conti Leaks uploaded the source code for Conti version 3 to VirusTotal and shared a link on Twitter.

“The source code compiles without error and can be easily modified by other threat actors to use their own public keys or add new functionality.” reported BleepingComputer. “BleepingComputer compiled the source code without any issues, creating the cryptor.exe, cryptor_dll.dll, and decryptor.exe executables.”

On the other side, other threat actors could perform reverse engineering to develop their own version of the threat, a circumstance that opens to worrisome scenarios.

Recently the source code for the Babuk ransomware was leaked online and threat actors exploited its availability to launch their own operations, such as the Rook

Within days, other threat actors used the source code for their use, and new ransomware operations were launched, such as the Rook ransomware.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.