A Ukrainian researcher snooping on the Conti ransomware group's operations has leaked the gang's internal communications in the midst of rising cross-border cyberattacks involving Russia.

Diving into the matter

Conti's internal records were shared, via email, with a number of journalists and security experts over the last few days.
  • The researcher continued leaking further information, such as the group's administration panel source code, the BazarBackdoor API, and images of storage servers, among other material.
  • The leak also reveals how the threat actors are organized like a business, how they evade law enforcement, what their bitcoin addresses are, and much more.

Secrets are out in public

The researcher, who goes by the moniker ContiLeaks, initially posted 393 JSON files containing over 60,000 internal conversations taken from the group's private, encrypted XMPP chat server.
  • A few days later, an additional 148 JSON files were leaked, containing 107,000 internal communications dating back to June 2020.
  • Additionally, a password-protected ZIP archive was shared for free download. It included the source code for the Conti ransomware encryptor, decryptor, and constructor.
  • The archive's easy-to-guess password gave access to the entire Conti ransomware source code within minutes.

Conclusion

The leaked information regarding Conti is a devastating blow to the cybercrime enterprise. Further, the decryptor may help victims of Conti ransomware recover their data for free. On the other hand, some experts fear that the leaked code may now be leveraged by other attackers to develop new malware variants.
Cyware Publisher