Conti Ransomware Decryptor, TrickBot Source Code Leaked
2022-03-02 18:14

The pro-Ukraine member of the Conti ransomware gang who promised to eviscerate the extortionists after they pledged support for the Russian government has spilled yet more Conti guts: The latest dump includes source code for Conti ransomware, TrickBot malware, a decryptor and the gang's administrative panels, among other core secrets.

On Monday, vx-underground - an internet collection of malware source code, samples and papers that's generally considered to be a benign entity - shared on Twitter a message from a Conti member saying that "This is a friendly heads-up that the Conti gang has just lost all their sht."

The Conti Rocket Chat Leaks contains a chat history of Conti members swapping tips about targets and carrying out attacks via crooks' favorite: Cobalt Strike, the legitimate, commercially available tool used by network penetration testers and by crooks to sniff out vulnerabilities.

The dump also contains the source code for Conti Locker v2, which was first leaked as a password-protected zip file but then again without any password.

Besides the v2 ransomware encryption source code, the leak also contained source code for the decryptor, which reportedly won't work, as pointed out on Twitter.

Just a heads up: The decryptor code contained within this package is not the latest version and will not work for the most recent Conti victims.


News URL

https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/