21 March 2022

Researcher leaks more Conti ransomware source code


A Twitter user who goes by “ContiLeaks” online has leaked a newer version of the Conti ransomware source code, with last-modified dates of January 25, 2021.

The source code for Conti version 3 was uploaded to VirusTotal in the form of a password-protected ZIP file. The leaked source code is a Visual Studio solution that allows anyone with access to compile the ransomware locker and decryptor.

ContiLeaks has been known for their leaks of information related to the Conti ransomware operation after the group sided with Russia on the invasion of Ukraine.

At the end of February, ContiLeaks released thousands of internal messages belonging to members of the Conti ransomware group, including 393 JSON files containing a total of 60,694 messages from January 21, 2021, through February 27, 2022. These messages contain various information about the gang's activities, including previously unreported victims, messages confirming the shutdown of the TrickBot botnet earlier this month, private data leak URLs, bitcoin addresses, and discussions about their operations.

Several days later, the researcher shared the source code for the group's administrative panel, the BazarBackdoor API, and screenshots of storage servers, as well as an additional 148 JSON files containing 107,000 internal messages since June 2020.

Cybersecurity Help’s statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren’t worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Glory to Ukraine!