2 March 2022

Conti ransomware source code leaks online


A Twitter user known as ContiLeaks has released more data related to the Conti ransomware gang, including the source code for the group's administrative panel, the BazarBackdoor API, and screenshots of storage servers.

The researcher began leaking data after Conti sided with the Russian government on the invasion of Ukraine. Earlier this week, ContiLeaks shared thousands of internal messages belonging to members of the Conti ransomware group, including 393 JSON files containing a total of 60,694 messages from January 21, 2021, through February 27, 2022. These messages contain various information about the gang's activities, including previously unreported victims, messages confirming the shutdown of the TrickBot botnet earlier this month, private data leak URLs, bitcoin addresses, and discussions about their operations.

The new leak also includes an additional 148 JSON files containing 107,000 internal messages since June 2020.

While the release of the Conti ransomware source code can be considered a good thing, as it provides more insight into the ransomware operation, it can also be used by other malicious actors to launch their own operations.

Cybersecurity Help’s statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren't worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war!
