A security researcher who was disgruntled by the Conti ransomware gang's stance towards Russia has leaked a data dump revealing the gang's secrets.
These include the ransomware gang's internal messages, backdoor APIs, Bitcoin addresses, and even the source code of its ransomware builder, encryptor, and decryptors.
Exposing Conti Ransomware
Even before the war between Ukraine and Russia began, a prominent ransomware group, Conti, announced that it was siding with Russia. The gang warned that anyone attempting to cyberattack Russian entities would face a similar response from them, as they officially supported Russia's takeover of Ukraine.
This stance was unpopular with many, including many of the gang's own affiliates. Beyond them, a security researcher aggrieved by the stance began leaking all of Conti's internal data, posting it in a series on Twitter starting on Sunday.
BREAKING: @HoldSecurity tells me Conti's systems have been infiltrated by cybercrime researchers for some time. The data was dumped by a Ukrainian cyber security researcher pissed off after Conti expressed support for Russia in the conflict. #infosecurity
— The Ransomware Files (@jkirk@infosec.exchange) (@ransomwarefiles) February 28, 2022
On the first day, he shared 393 JSON files containing over 60,000 internal messages of the Conti and Ryuk ransomware gangs from their private XMPP chat server. The messages are dated between January 21st, 2021 and February 27th, 2022, and reveal the ransomware operation's business model, operational flow, Bitcoin addresses, plans for evading law enforcement, and more.
On Monday, an additional 148 JSON files were leaked, containing over 107,000 internal messages dating back to June 2020, when the Conti ransomware operation began. Yesterday, more data was leaked, including the Conti ransomware's administrative panel, its storage servers, and the BazarBackdoor API.
The most notable item in this dump is the source code of Conti ransomware's builder, encryptor, and decryptors. Although the archive was password-protected when leaked, another security researcher cracked it and opened it to the public.
While this can be used for legitimate study of how Conti ransomware worked, experts warn that malicious threat actors could use the code to build their own ransomware for cyberattacks.