Conti ransomware source code leaked by Ukrainian researcher

A Ukrainian researcher who recently leaked tens of thousands of chat messages belonging to the operators of the Conti ransomware has now published the malware's source code.

Following the initial leak in which 60,000 messages were pushed online, the same researcher then leaked another 107,000 internal messages, and after that the source code for multiple Conti tools, including the group’s administration panel, the BazarBackdoor API, as well as the Conti ransomware encryptor, decryptor, and builder.

The latter three came in a password-protected archive, but it was soon cracked by another researcher, providing everyone with free and easy access to Conti’s underbelly.

Conti's image taking a hit

While this doesn’t necessarily spell doom for Conti, it could result in the creation of additional ransomware groups, as the source code can now easily be adopted by other threat actors, modified a bit, and turned back on vulnerable endpoints.

Whether or not that will be the case, and what that will mean for Conti, remains to be seen. The media speculate the leak will be a major blow to the ransomware gang’s reputation, which could result in affiliates moving elsewhere.

The Russian invasion of Ukraine doesn’t seem to be paying off. Besides heavy sanctions and the country’s elimination from various international organizations and infrastructure, the backlash has also spilled into the cyber-realm.

Conti has found itself on thin ice in the internet’s underworld, as it announced it was siding with Russia and threatened retaliation against anyone who would assault the country’s digital infrastructure. As many of its affiliates seem to be of Ukrainian origin, it wasn’t long before Conti was forced into altering its stance and declaring “neutrality”.

However, that doesn’t seem to have helped the group much, as the Ukrainian leakster continues to expose the group’s dirty laundry on the internet. 

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
