New versions of Conti’s ransomware source code have been reportedly leaked by a researcher displeased with the group’s public declaration of support to Russia.
As reported by Bleeping Computer, a cybersecurity researcher took umbrage when the cybercriminals publicly said they supported Russia’s invasion of Ukraine.
In revenge, the individual, believed to hail from Ukraine, has been giving the ransomware operators a taste of their own hacking medicine.
Conti is a Russian-speaking ransomware group that also operates a ransomware-as-a-service (RaaS) business model. While some ransomware payments are made in the millions, Coveware estimates that the average demand made by Conti members is just over $765,000.
Over the weekend, a link to the new package was published under the “Conti Leaks” Twitter handle. The source code has been uploaded to VirusTotal and while password-protected, the information required to open the file is available to cybersecurity teams.
Previously, the pro-Ukraine individual leaked an older version of the ransomware.
Stealing and releasing the ransomware’s source code gives cybersecurity researchers and vendors the opportunity to analyze the malware and potentially create denylists, defenses, and decryptors. However, on the flip side, attackers could also grab and adapt the code for their own malware campaigns.
Conti’s declaration of support