The source code of a fresh version of the Conti ransomware has been disclosed by a Ukrainian security researcher. This is the latest in a string of leaks sparked by the criminal group's support for Russia. Conti is a ransomware gang based in Russia which uses a ransomware-as-a-service (RaaS) business model. While some ransomware demands are in the millions of dollars, Coveware thinks the average Conti demand is just over $765,000.
The notorious Conti ransomware organization published a statement soon after Russia launched its invasion of Ukraine, warning that it was prepared to strike the critical infrastructure of Russia's adversaries in retaliation for any attacks on Russia.
In response, an anonymous user created the "Conti Leaks" Twitter account and began distributing materials supposedly stolen from the cybercrime ring. The first set of disclosures included correspondence sent within the Conti organization in the preceding year. More chat logs, credentials, email addresses, C&C server information, and source code for the Conti ransomware and other malware were included in the second phase.
After a period of inactivity of more than two weeks, the Twitter account resurfaced over the weekend, releasing what looks to be the source code for a newer version of Conti.
Previously, some speculated that the leaker was a Ukrainian security researcher, while others speculated that he was a rogue member of the Conti group. The leaked messages were widely shared.
The release of ransomware source code, particularly from sophisticated operations such as Conti, can have catastrophic consequences for corporate networks and consumers, because other threat actors frequently reuse leaked code to build their own ransomware operations. In the past, a researcher released the source code for a ransomware strain called 'Hidden Tear,' which was soon adopted by several threat actors to launch their own campaigns.