Conti ransomware source code leaks

Ddos March 24, 2022 2 minutes read

Conti, a notorious ransomware gang, has over the past two years attacked multiple multinational companies around the world while encrypting data and stealing data, threatening those companies with data backups to pay ransoms or leak confidential data.

Members of this ransomware gang are located in Russia or countries surrounding Russia, and Conti claimed support for Russian military operations when Russia marched into Ukraine.

Later, someone published the data of Conti’s internal chat server on the Internet. These data include daily communication between Conti members, and some data supporting the server were also stolen.

Previously, there were rumors that the data was leaked because of internal strife within Conti because of whether they supported or opposed Russia. This is purely a rumor, in fact, the data leak was a Ukrainian security researcher who infiltrated Conti to steal data and sabotage it.

Now that the second wave of sabotage has begun, the researcher released the source code of the Conti ransomware. The Conti gang encrypted the ransomware source code and placed it on the server. The researchers did not have the password, so they could not decrypt it. However, after the data was released, other security personnel had successfully cracked the encrypted password and made the Conti source code public.

This is absolutely good news for security companies, as security companies can study the operation process of this type of ransomware through the source code, and can also look for potential weaknesses to make decryption tools.

BleepingComputer, a website that focuses on security information, has compiled and verified the source code and verified that the code is valid, and core files such as cryptor.exe, cryptor_dll.dll, and decryptor.exe can be successfully created.

Unfortunately, while security companies can study these codes, other ransomware gangs can also use them to develop other ransomware.