An anonymous cybersecurity researcher is helping Ukraine strike back at Conti, a ransomware group that sided with Russia and continues to target Ukrainian organizations.
Cybersecurity Hacker Defends Ukraine
A Ukrainian cybersecurity researcher known only as 'Conti Leaks' on Twitter has published the latest leak from the Conti ransomware operation: a newer version of the malware's source code.
Conti is a well-known threat actor that operates a ransomware-as-a-service (RaaS) model, giving affiliates access to its infrastructure to launch attacks. The gang is highly sophisticated and was formed in mid-2020.
Conti is believed to have links to Russian intelligence; it is based in Russia and its members are predominantly Russian.
Because of its involvement in the development of numerous malware families, it is considered one of the most active cybercrime organizations in the world.
After Conti announced that it would side with Russia in the invasion of Ukraine, Conti Leaks, a Ukrainian cybersecurity researcher, decided to retaliate and defend Ukraine by publicly leaking internal data and source code belonging to the Russian threat actors.
On March 20, Conti Leaks uploaded the source code for Conti version 3 to VirusTotal and posted a link to it on Twitter.
Although the archive is password-protected, the password can be easily deduced from subsequent tweets.
As reported by BleepingComputer, the newly leaked source code is considerably newer than the earlier leak, with a date of Jan. 25, 2021.
Conti Leaks released the source code as a Visual Studio solution, which allows anyone with the archive to compile the ransomware locker and decryptor themselves.
Because the source code compiles without errors, other threat actors can easily modify it to use their own public keys or to add new functionality.
BleepingComputer, for example, compiled the source code and generated three executables, cryptor.exe, cryptor_dll.dll, and decryptor.exe, without encountering any problems.
Conti Leaks is targeting Conti in retaliation for the gang's support of the conflict in Eastern Europe. However, publicly releasing working ransomware source code carries its own dangers.
Other actors can reuse it to build their own ransomware operations; this has happened repeatedly in the past whenever ransomware source code has leaked.
Conti Sides With Russia
Conti has been heavily compromised ever since it revealed its support for Russia's actions, and the source code release is not the only attack Conti Leaks has made against the Russian-based ransomware group.
As reported by TechCrunch, the earlier leak consisted of about 400 files containing tens of thousands of internal chat logs from the Conti group, all written in the group's native Russian.
The data covers roughly a year of messages, starting in January 2021, about six months after the group's formation in mid-2020.