After leaking over 60,000 Conti Team internal chat messages, a Ukrainian researcher delivers another crippling blow to the operation by revealing further communications, administrative panels, and the ransomware’s source code.
The researcher leaked on Sunday 393 JSON files holding more than 60,000 internal messages sent between Jan. 21, 2021, and Feb. 27, 2022, between Conti and Ryuk ransomware gang members by hacking into the organization’s private XMPP chat server.
Conversations included crucial information that could help security experts and authorities, such as gang organization details, bitcoin addresses, law enforcement evasion, Tactics, Techniques, and Procedures (TTP), and more.
Furthermore, the leaker “promised” the content is “very interesting” and stressed that it’s only the first part of a more significant Conti-related leak that’s about to be released.
The Ukrainian researcher released another batch of pernicious Conti gang data on Monday, consisting of 148 more JSON files holding 107,000 internal messages between the organization’s members since June 2020 - the approximate launch date of the Conti ransomware operation.
Newly leaked files also included critical data such as the BazarBackdoor API, storage server screenshots, the source code for Conti gang’s administrative panel, and a password-protected archive holding the source code of the Conti ransomware encryptor, decryptor, and builder.
Although the initial leak didn’t provide the password to the archive, another security researcher managed to crack it, thus making the Conti ransomware source code publicly accessible.
While having access to this code can help cybersecurity experts analyze it and develop new ways to mitigate attacks, it could also let cybercriminals create custom versions of the ransomware and launch their own criminal campaigns.
Currently, it’s unclear if the leaker plans to release or even holds more critical Conti-related content. Nevertheless, the already-leaked data has put a massive dent in the gang’s criminal operation.