A few days ago, a Ukrainian security researcher named Conti Leaks had leaked conversation data and source code belonging to the Conti ransomware group. The same researcher has leaked the additional source code of the ransomware operation.
The leaked source code
The reason behind these leaks is said to be the revenge for the ransomware group supporting Russia at the time of the invasion in Ukraine. The additional source code includes several artifacts that are apparently more recent as compared to the previous leaks.
The leaked information is the new source code of a lately updated version of Conti, suspected to be modified on January 25, 2021. The previously leaked code was dated 2020.
The source code was uploaded on VirusTotal and its link was posted on Twitter.
The posted archive is password-protected and the password could be found from subsequent tweets.
Ready to use code
The source code leak is a Visual Studio solution that can be decompiled easily, thus allowing anyone to compile the code and the decryptor.
The source code compiles without error. This implies that any threat actor with access to this code can open it, update the code to use its own public keys, or add new functionalities.
Conti is not the first
In the past, more malware faced leakage of their source code such as Hidden Tear and Babuk. The leaked source was later used in new ransomware operations such as Rook and Pandora.
Conclusion
The recent leak may help the security community to better understand Conti ransomware operations. However, it may help other cybercriminals to create their own custom ransomware. Thus, organizations are always suggested to use basic security practices including taking regular backup and having anti-malware solutions in place.