Recommended reading

Russian-based ransomware group Conti has its source code leaked

News
By published

A Ukrainian security researcher just shared the source code of an infamous Russian-based ransomware group.

Dell Xps 13 9300 Ports
Dell Xps 13 9300 Ports (Image credit: Daniel Rubino/Windows Central)

What you need to know

  • The source code of Conti's ransomware has been leaked by a security researcher.
  • Conti is a Russian-based cybercriminal organization that recently sided with Russia during the ongoing war in Ukraine.
  • The leaked source code could be used by security professionals to protect systems, but it could also be used by threat actors to create other ransomware operations.

Conti, a Russian-based cybercriminal organization that uses ransomware in its attacks, has had its source code leaked by a Ukrainian security researcher. The move was seemingly made in revenge for Conti backing Russia in the ongoing war in Ukraine. Conti is a well-known group of threat actors that also provides ransomware-as-a-service.

A warning by the Conti Team officially announced full support of the Russian government on February 25, 2022. "If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy," said Conti (via BleepingComputer).

A Twitter account called conti leaks shared Conti's source code on March 20, 2022. The contents of the leak are password-protected, but one can be determined by security professionals and others who know where to look.

The same leaker published close to 170,000 conversations by members of Conti last month. They also shared an older version of Conti's source code around the same time. The most recent leak is of a newer version of Conti's ransomware source code, which is dated January 25, 2022.

While the leak of Conti's source code was seemingly done in revenge against the cybercriminal group, there are potential consequences of the move. With the source code available to anyone, other threat actors and criminal organizations could use the code to create new ransomware threats.

Past source code leaks, including those for Hidden Tear and Babuk, led to new ransomware attacks (via BleepingComputer).

It's likely that threat actors will use the leaked source code from Conti to make new ransomware operations.

Sean Endicott
Sean Endicott
News Writer and apps editor

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 930, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.