A new data leak regarding the Conti hack group has been published on Twitter – an unknown person who compromised the hackers’ servers last month published another batch of the group’s source codes.
Let me remind you that this story began back in February 2022, when an anonymous information security researcher who had access to the infrastructure of hackers (according to other sources, this was a Ukrainian member of the hack group itself) decided to take revenge on Conti. The fact is that the group announced that it fully supports “special military operation” in Ukraine and the actions of the Russian government.As a result, all the internal chats of hackers over the past year were first released to the public (339 JSON files, each of which is a log for a single day), and then another portion of the logs was published (another 148 JSON files containing 107,000 internal grouping messages) and other data related to Conti, including control panel source code, BazarBackdoor API, old ransomware source code, server screenshots, and more.
Over the weekend, the same person (ContiLeaks on Twitter) uploaded the archive with the source code of the Conti version 3 malware to VirusTotal. Although the archive is password protected, the password can be easily guessed by reading ContiLeaks tweets.
This source code is much newer than the previously published version and was last modified on January 25, 2021. As before, the leak is presented in Visual Studio format and allows anyone to compile a working ransomware and a decryptor for it.
Bleeping Computer journalists write that they were able to easily compile the source codes, having received the executable files cryptor.exe, cryptor_dll.dll and decryptor.exe.
Experts and the media point out that publishing the source codes of a ransomware (especially one as complex as Conti) could be disastrous for both companies and consumers. The fact is that other hackers can use the leaked sources to create their own ransomware and their own operations.
The examples are very demonstrative, for instance, in the past, dozens of other malware were created based on the open-source encryptor Hidden Tear, the source code of which was freely available on GitHub. A similar situation was observed after the source code of the Babuk ransomware was leaked to the public, which other attackers quickly adapted to their needs. Alas, you can expect Conti to be no exception.
Let me remind you that we also wrote that TrickBot merges with Conti ransomware group.
We also wrote due to the Russian aggression against Ukraine, The Ministry of Defense of Ukraine stared using the Clearview AI face recognition system.