A Ukrainian security researcher has published newer source code of the malware used by the cyber-extortion group Conti, in retaliation for the support the group expressed for the Russian government in the conflict with Ukraine.
When Conti sided with Russia, a Ukrainian activist calling himself Conti Leaks decided to leak the group's data and source code. Last month, he also published almost 170 thousand of the group's internal chats, dated January-February 2022, which shed light on Conti's internal structure.
The source code previously published by the researcher was dated September 15, 2020. Although it was quite old, analyzing it still helped researchers better understand how the Conti ransomware works.
Now Conti Leaks has uploaded the source code of the third version of Conti to VirusTotal and published a link on Twitter. Although the archive is password-protected, the password can easily be found in subsequent tweets.
This source code is much newer than the previously published versions, since the last changes to it were made on January 25, 2021.
Like previous Conti Leaks publications, the new source code is presented as a Visual Studio solution that allows anyone with access to compile the ransomware and the decryptor. The source code compiles without errors and can be easily modified by other cybercriminals who want to use their own public keys and add new functions.