New Conti ransomware source code gets leaked
2022-03-22
New versions of Conti's ransomware source code have reportedly been leaked by a researcher displeased with the group's public declaration of support for Russia. Previously, the pro-Ukraine individual leaked an older version of the ransomware.
Conti is a Russian-speaking ransomware group that also operates a ransomware-as-a-service business model. Conti is known for its devastating cyberattack on Ireland's Health Service Executive in May last year.
Researchers analysed the leaked data and found out that while some Conti members are recruited through underground forums, others aren't even told that they are interviewing with cybercriminals. Instead, some potential hires were told that they would be helping in the development of software for legitimate penetration testers and analytics.
Conti is made up of individuals tasked with different duties, including malware coders, testers, system administrators and HR personnel who deal with hires, as well as negotiators who deal with victims and try to ensure a blackmail payment is made.
While some ransomware payments are made in the millions, the average demand made by Conti members is just over $765,000. Conti's declaration of support for Russia's invasion of Ukraine also led to the leak of the group's internal chat logs.
Recently, Google exposed the inner workings of Exotic Lily, an initial access broker (IAB) that sells network access to threat groups including Conti and Diavol. The US Cybersecurity and Infrastructure Security Agency (CISA) and FBI have previously warned organizations of Conti activity. It is estimated that hundreds of organizations in the United States alone have fallen prey to Conti.