A Ukrainian cybersecurity researcher continues to deliver crushing blows to the Conti ransomware group. Earlier, the researcher leaked the group's internal conversations online, and has now published the source code of the ransomware, administrative panels and much more.
First, the researcher published 393 JSON files containing more than 60 thousand internal messages from the private XMPP server of the Conti and Ryuk ransomware operations. The published messages contained various information about the group's activities, including previously unreported victims, data leak URLs, bitcoin addresses and discussions of their operations.
Then the researcher supplemented the leak with 148 JSON files containing 107 thousand internal messages, the earliest of which date back to June 2020 (approximately when Conti started its activities).
Now the source code of the group's administrative panel, the BazarBackdoor API, screenshots of storage servers, and an archive containing the source code of the Conti ransomware encryptor, decryptor and builder have been made publicly available.
The source code will give information security experts deep insight into how the malware works. While this is good for security research, the public availability of this code has its drawbacks. With the Conti code, other attackers will try to start their own criminal operations using the leaked data.