What you need to know
- The source code of Conti's ransomware has been leaked by a security researcher.
- Conti is a Russian-based cybercriminal organization that recently sided with Russia during the ongoing war in Ukraine.
- The leaked source code could be used by security professionals to protect systems, but it could also be used by threat actors to create other ransomware operations.
A warning by the Conti Team officially announced full support of the Russian government on February 25, 2022. "If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy," said Conti (via BleepingComputer).
A Twitter account called conti leaks shared Conti's source code on March 20, 2022. The contents of the leak are password-protected, but one can be determined by security professionals and others who know where to look.
source conti v3. https://t.co/1dcvWYpsp7source conti v3. https://t.co/1dcvWYpsp7— conti leaks (@ContiLeaks) March 20, 2022March 20, 2022
The same leaker published close to 170,000 conversations by members of Conti last month. They also shared an older version of Conti's source code around the same time. The most recent leak is of a newer version of Conti's ransomware source code, which is dated January 25, 2022.
While the leak of Conti's source code was seemingly done in revenge against the cybercriminal group, there are potential consequences of the move. With the source code available to anyone, other threat actors and criminal organizations could use the code to create new ransomware threats.
Past source code leaks, including those for Hidden Tear and Babuk, led to new ransomware attacks (via BleepingComputer).
It's likely that threat actors will use the leaked source code from Conti to make new ransomware operations.
