A Ukrainian researcher successfully snooped on Conti ransomware group operations and leaked the gang’s internal communications in the midst of rising cross-border cyberattacks with Russia over the past few days.
The researcher leaked information such as the group’s administration panel source code, the BazarBackdoor API, and images of storage servers, among other material. The leak also shows how the threat actors are organized like a business, how they avoid law enforcement, what their bitcoin addresses are, and much more.
The researcher, who goes by the moniker ContiLeaks, initially posted 393 JSON files containing over 60,000 internal conversations taken from the group’s secret and encrypted XMPP chat server.
A few days later, an additional 148 JSON files were leaked, containing 107,000 internal communications dating back to June 2020, and a password-protected ZIP archive was shared for free download. It included the source code for the Conti ransomware encryptor, decryptor, and constructor. The easy-to-guess password for the archive would give access to the entire source code for the Conti ransomware within minutes.
The leaked information regarding Conti is a devastating blow to the cybercrime enterprise. The decryptor may help the victims of Conti ransomware to decrypt data for free. On the other hand, some experts fear that this code may now be leveraged by other attackers to develop new malware variants.