
Conti Ransomware Source Code Leaked

A hacker who claims to be Ukrainian has leaked the source code of the notorious Conti ransomware after the cybercrime gang expressed its support for Russia.


Shortly after Russia sent its troops into Ukraine and most of the world started showing its support for Ukraine, the Conti ransomware group issued a statement warning that it was prepared to hit the critical infrastructure of Russia’s enemies in retaliation for potential attacks on Russia.

They later clarified that they condemn the war and denied being allied with any government, but said they are prepared to respond to “American cyber aggression” affecting the safety and wellbeing of peaceful citizens.

Shortly after, someone created a Twitter account called “conti leaks” and started leaking files associated with the Conti ransomware operation. Some say the individual behind the leaks is a Ukrainian security researcher, while others say the person is a Ukrainian member of the Conti group.

[ READ: Russia vs Ukraine – The War in Cyberspace ]

The first files contained tens of thousands of messages exchanged by Conti members since January 2021. The exposed information included Bitcoin addresses, conversations with victims, IP addresses and other infrastructure data.

The “conti leaks” account has continued releasing files, including more Conti chat logs, credentials, email addresses, screenshots, C&C server details, and information on servers used to store stolen files. They also leaked what appears to be source code for the Conti ransomware and other malware associated with the group, including some TrickBot code.

The files also appear to contain the source code of a Conti decryptor, but Emsisoft ransomware specialist Fabian Wosar noted that it’s not the latest version and — even if it was the latest version — it’s useless without the victim’s private key.

The leaker has also published the name of a Russian software engineer who was allegedly involved in the development of Conti.

While a detailed analysis of all the leaked files might reveal something useful for the cybersecurity community, the fact that the Conti source code has been made available could cause more harm than good, according to many members of the community.

For instance, the leaked source code could be used by less experienced cybercriminals to create their own ransomware. It’s not uncommon for open source malware allegedly created for educational purposes to be leveraged by malicious actors looking to make a profit.

[ Image: Conti source code leak ]

It’s worth noting that the leaker placed the Conti source code in a password-protected archive and claimed they would only share the password with trusted individuals “to avoid more damage,” but someone quickly managed to crack the archive.

Related: REvil Ransomware Operator Bids for KPot Stealer Source Code

Related: Financially Motivated Hackers Use Leaked Conti Ransomware Techniques in Attacks

Related: U.S. Issues Conti Alert as Second Farming Cooperative Hit by Ransomware

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
