Following the Russian invasion of Ukraine, a member of the Conti ransomware group believed to be of Ukrainian origin leaked the gang’s internal communications after the group’s leaders posted an aggressive pro-Russian message on their official website on the Friday of the invasion. The internal records were disclosed via an email sent to a number of journalists and security researchers, among others. They include chat logs going back roughly a year, as well as source code for several pieces of malware used by the Conti gang. The leak is a veritable goldmine of threat intelligence for anyone interested in how a ransomware operation of Conti’s size and success actually runs day to day.
Threat intelligence teams should prioritize analysis of the Conti leak. Because the Conti locker source code is now public, new ransomware strains derived from it are likely to appear, and defenders should expect detections written for Conti to surface those derivatives as well. Malware analysts who have examined the code have remarked that it is well written and serves as a clear example of the techniques a ransomware locker needs to implement in order to succeed.