According to experts, Conti has already extorted 2.5 billion dollars with ransomware in recent years. Now it is clear: the group is based in Russia and has internally backed the Russian war of aggression. However, some Ukrainians or opponents of the war probably worked in the group and did not agree with this. Now chats and code have been leaked and, according to experts, so have the crown jewels: the source code.
It was probably no coincidence that the data, with 60,000 internal chats of the Conti group, was leaked to a Ukrainian security researcher. According to initial reports, the chats show that, alongside the hard day-to-day business, the everyday problems of employees were also discussed. However, there are also many pieces of code that were exchanged this way, as well as discussions about particular software mechanisms and the exploitation of vulnerabilities. What exactly is in the chats will probably only become known gradually over the next few weeks.
Russia against Ukraine – also internally at Conti
According to experts, the ransomware group Conti has already stolen up to 2.5 billion dollars through extortion. Experts had long suspected that Conti is based in Russia, but until now nobody had been able to prove it. That is no longer necessary: Conti has confirmed it themselves. Internally, the group's leadership sided with Russia in the chats and probably ordered that the attack on Ukraine be supported. Conti is also said to have close ties to the Russian intelligence service FSB. Apparently, Ukrainians and opponents of the war also worked in the group. At least one of them copied 60,000 chats and handed them over to the Ukrainian security researcher.
Conti Leak is a veritable gold mine
The chats probably also contain a lot of code used in malware. As if this information and the analyzable code weren't enough, the Ukrainian security researcher has already published a further 107,000 chat messages. According to winfuture.de, these go back to mid-2020, i.e. the period when Conti started operations. Further analysis promises even more insight into the group, its structures and its code.
Crown jewels found – experts cheer
According to the website BleepingComputer, the source code for Conti's collection of ransomware tools was also discovered. Although this data was encrypted, a security researcher was probably able to crack it. And there they were, the crown jewels: the encryptor, the decryptor, and the builder. Everything needed to examine Conti's ransomware and analyze its mechanisms. The ransomware source code is now open.
Conti ransomware source code decrypted
With this knowledge, security researchers now have a lot of work ahead of them. After all, it also makes developing decryption tools easier. That would be a good thing, because the Conti group doesn't seem to shy away from anything. According to golem.de, the chats contain a passage about the Conti ransomware attack in October 2020 on almost 430 medical facilities in the USA. It says: "Fuck the clinics in the US this week." And further: "There will be panic. 428 hospitals." But none of that mattered to the group.
More at BleepingComputer.com