Ukrainian Security Researcher Leaks Newer Conti Ransomware Source Code
Shortly after Russia launched its invasion of Ukraine, the notorious Conti ransomware group issued a statement warning that it was prepared to hit the critical infrastructure of Russia’s enemies in retaliation for potential attacks on Russia. In response, an anonymous individual set up a Twitter account named “Conti Leaks” and started releasing files allegedly stolen from the cybercrime gang. The first round of leaks represented messages exchanged between members of the Conti organization in the past year. The second round included more chat logs, credentials, email addresses, C&C server details, as well as source code for the Conti ransomware and other malware. After more than two weeks of inactivity, the Twitter account once again became active over the weekend and made available what appears to be the source code of a newer version of Conti. Previously, some described the leaker as a security researcher from Ukraine while others suggested they were a rogue member of the Conti group. Leaked messages exchanged between the cybercrime group’s members showed that they too believed one of them could be behind the breach.