Revenge hackers leak more Conti ransomware source code

A newer version of the source code for the Conti ransomware has been leaked online, reportedly by the same person who’s been tearing the group apart for the past three weeks.

The incident is the latest in a series of leaks from a Ukrainian cybersecurity researcher who is running a personal vendetta of sorts against Conti, ever since the latter declared it would side with Russia, as it invades its western neighbor.

That being said, the source code for Conti version 3 was uploaded to VirusTotal, and linked on Twitter. The archive is protected with a password, but the password was posted in one of the replies to the Twitter thread. 

TechRadar needs you!

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window

Conti’s chat logs leaked 

This is not the first time the researcher publishes Conti’s source code online, but unlike the previous leak, which was for a much older version of the ransomware, this one is dated January 25, 2021, making it at least a year younger than the earlier leak.

BleepingComputer notes the source code leak is a Visual Studio solution that anyone can use to compile the ransomware locker and decryptor, and that it works just fine. The publication managed to compile it with no issues. 

While this doesn’t mean whoever gets infected can use the source code to obtain a master key, it does mean that Conti copycats might start popping up, and that could hurt the group’s operations.

Before leaking the source code, the researcher also leaked tens of thousands of private chat messages, some of which might even lead to arrests. Initial investigations suggest the chat logs disclose details such as previously unreported victims, private data leak URLs, bitcoin addresses, and discussions about their operations.

Conti is an active ransomware group, which only recently hit American cookware distributor Meyer, stealing sensitive employee information. 

The group seems to have taken Meyer employees’ full names, physical addresses, birthdates, gender and ethnicity information, Social Security numbers, health insurance information and data on employee medical conditions, random drug screening results, Covid vaccination cards, driver’s licenses, passport data, government ID numbers, permanent resident cards, immigration status information, and information on dependents.

It was also reported that some of the top members of the notorious TrickBot malware family have also recently joined Conti’s ranks. 

Via: BleepingComputer

Go to Source