The Conti gang has suffered another major blow after the source code for its ransomware encryptor, decryptor, and builder was leaked.
The flow of information out of the gang’s operations began last week when a Ukrainian researcher shared over a year’s worth of internal chat logs. That researcher went on to create the Twitter account @ContiLeaks and has continued to leak information.
As BleepingComputer reports, in the latest round of data dumps the researcher leaked a further 107,000 internal chat messages, as well as the gang’s administrative panel, BazarBackdoor API, TrickBot command and control server source code, storage server screenshots, and best of all—a password-protected archive containing the Conti ransomware source code.
It didn’t take long for another researcher to crack the password, which revealed the source code for the ransomware’s encryptor, decryptor, and builder. This will allow the wider research community to dive into the code and hopefully produce countermeasures to help anyone infected with the ransomware remove it. However, as the source code is now freely available, it could also lead to some copycat ransomware operations being created in the short term.
The ongoing data leak is a reaction to the gang’s decision to back the Russian government and Putin’s actions against Ukraine, while also threatening to retaliate against anyone attacking Russia. The question now is how much more information is left to leak about Conti, and will the gang be able to recover from it and continue its malicious operations?