Security Experts:

Connect with us

Hi, what are you looking for?



Conti Ransomware Source Code Leaked

A hacker who claims to be Ukrainian has leaked the source code of the notorious Conti ransomware after the cybercrime gang expressed its support for Russia.

A hacker who claims to be Ukrainian has leaked the source code of the notorious Conti ransomware after the cybercrime gang expressed its support for Russia.

Shortly after Russia sent its troops into Ukraine and most of the world started showing its support for Ukraine, the Conti ransomware group issued a statement warning that it was prepared to hit the critical infrastructure of Russia’s enemies in retaliation for potential attacks on Russia.

They later clarified that they condemn the war and denied being the allies of any government, but said they are prepared to respond to “American cyber aggression” impacting the safety and wellbeing of peaceful citizens.

Shortly after, someone created a Twitter account called “conti leaks” and started leaking files associated with the Conti ransomware operation. Some say the individual behind the leaks is a Ukrainian security researcher, while others say he/she is a Ukrainian member of the Conti group.

[ READ: Russia vs Ukraine – The War in Cyberspace ]

The first files contained tens of thousands of messages exchanged by Conti members since January 2021. The exposed information included Bitcoin addresses, conversations with victims, IP addresses and other infrastructure data.

The “conti leaks” account has continued releasing files, including more Conti chat logs, credentials, email addresses, screenshots, C&C server details, and information on servers used to store stolen files. They also leaked what appears to be source code for the Conti ransomware and other malware associated with the group, including some TrickBot code.

The files also appear to contain the source code of a Conti decryptor, but Emsisoft ransomware specialist Fabian Wosar noted that it’s not the latest version and — even if it was the latest version — it’s useless without the victim’s private key.

The leaker has also published the name of a Russian software engineer who was allegedly involved in the development of Conti.

While a detailed analysis of all the leaked files might reveal something useful for the cybersecurity community, the fact that the Conti source code has been made available could cause more harm than good, according to many members of the community.

For instance, the leaked source code could be used by less experienced cybercriminals to create their own ransomware. It’s not uncommon for open source malware allegedly created for educational purposes to be leveraged by malicious actors looking to make a profit.

Conti source code leak

It’s worth noting that the leaker placed the Conti source code in a password-protected archive and claimed they would only share the password with trusted individuals “to avoid more damage,” but someone quickly managed to crack the archive.

Related: REvil Ransomware Operator Bids for KPot Stealer Source Code

Related: Financially Motivated Hackers Use Leaked Conti Ransomware Techniques in Attacks

Related: U.S. Issues Conti Alert as Second Farming Cooperative Hit by Ransomware

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.