Conti source code leaked by Ukrainian researcher
Source code hits the public domain as fallout continues over ransomware group's support for Russia
The researcher who leaked internal chats from the Conti ransomware group has now published its source code and appears to have doxxed one of its developers.
The leaker, going under the Twitter name @Contileaks, had originally published internal chats from the group on Sunday in response to its declaration of support for the Russian invasion of Ukraine. They followed it up by publishing the source code overnight.
The researcher published the code as a password-protected file, prompting a flurry of requests for access. They explained that they would release the password to trusted parties, saying in a tweet: "conti src password shared only with trusted ppl for now. to avoid more damage!"
However, earlier this week, another researcher appeared to have cracked the password and shared the code online.
Other code released in the ContiLeaks dumps appears to include the source for the TrickBot command dispatcher and data collector. The researcher also published access details for several storage servers used by the Conti group yesterday.
The leak also extended to personal information. The researcher tweeted what they claim is the GitHub page and Gmail address gleaned from the code. The address is flagged in the code as an developer for the Conti group, but responses to the tweet suggest that the developer did not know that he was writing back-end code for a ransomware operation.
Amid the data posts, the researcher continued to criticize the Russian government for its attack on Ukraine, posting: "more sanctions! they destroy hospitals, and a lot of ppl died! even some of my friends !"
Screenshots have appeared of the Conti recovery dashboard and the BazarLoader command and control panel used to control infected devices.
Others claimed that the source code is not the latest version. The leaked code allegedly dates back to September 2020.
Since the initial leaks occurred, various analyses have appeared online detailing the bitcoin addresses used by the group, along with lists of email addresses found it its correspondence. Other information now freely available online includes hundreds of data points detailing domains used in the ransomware's command and control infrastructure, along with the gang's active dark web chat IDs.
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recovery
News Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
