Russian-based ransomware group Conti has its source code leaked

By Sean Endicott
published

A Ukrainian security researcher just shared the source code of an infamous Russian-based ransomware group.

Dell Xps 13 9300 Ports
Dell Xps 13 9300 Ports (Image credit: Daniel Rubino/Windows Central)

What you need to know

  • The source code of Conti's ransomware has been leaked by a security researcher.
  • Conti is a Russian-based cybercriminal organization that recently sided with Russia during the ongoing war in Ukraine.
  • The leaked source code could be used by security professionals to protect systems, but it could also be used by threat actors to create other ransomware operations.

Conti, a Russian-based cybercriminal organization that uses ransomware in its attacks, has had its source code leaked by a Ukrainian security researcher. The move was seemingly made in revenge for Conti backing Russia in the ongoing war in Ukraine. Conti is a well-known group of threat actors that also provides ransomware-as-a-service.

A warning by the Conti Team officially announced full support of the Russian government on February 25, 2022. "If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy," said Conti (via BleepingComputer).

A Twitter account called conti leaks shared Conti's source code on March 20, 2022. The contents of the leak are password-protected, but one can be determined by security professionals and others who know where to look.

See more

The same leaker published close to 170,000 conversations by members of Conti last month. They also shared an older version of Conti's source code around the same time. The most recent leak is of a newer version of Conti's ransomware source code, which is dated January 25, 2022.

While the leak of Conti's source code was seemingly done in revenge against the cybercriminal group, there are potential consequences of the move. With the source code available to anyone, other threat actors and criminal organizations could use the code to create new ransomware threats.

Past source code leaks, including those for Hidden Tear and Babuk, led to new ransomware attacks (via BleepingComputer).

It's likely that threat actors will use the leaked source code from Conti to make new ransomware operations.

Sean Endicott
Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com (opens in new tab).