{
	"id": "9ae5c86f-f9dc-402e-8a54-7fcce08cedf9",
	"created_at": "2026-04-06T02:11:34.352869Z",
	"updated_at": "2026-04-10T03:21:46.692294Z",
	"deleted_at": null,
	"sha1_hash": "092745b4c4b9d3c98c56ac9e7d8b9e8c1626312c",
	"title": "The Conti ransomware leaks demonstrate what happens when hackers support Russia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 753648,
	"plain_text": "The Conti ransomware leaks demonstrate what happens when\r\nhackers support Russia\r\nBy Ofir Ashman\r\nPublished: 2022-03-22 · Archived: 2026-04-06 01:35:22 UTC\r\nMarch 22, 2022 • Ofir Ashman\r\nThe Conti ransomware group rose to fame in 2020, and while it has only been active for about 3 years, it quickly\r\nbecame one of the most prevalent - and dangerous - ransomware operations out there. Between 2020 and 2021 the\r\nConti gang raked in over $1.2 billion in ransom payments, with the largest payment amounting to 180 million\r\ndollars. Just last year, these cyber attackers successfully deployed a ransomware attack on the Irish healthcare\r\nsystem, creating dramatic human impact - and a whopping response and recovery cost of about $50,000,000.\r\nWhile in the past some Russian and Ukrainian hackers worked side by side, in the current war on Ukraine (with\r\nits unprecedented use of the internet as another field of battle), even the hackers are taking sides. After Putin\r\nordered Russian troops to invade Ukraine, the Conti gang announced its support for the Russian government in an\r\naggressive post on their website, enraging one of the group's members or associates (probably of Ukrainian origin)\r\nand costing them tons of their operation's data.\r\nhttps://www.threatstop.com/blog/conti-ransomware-source-code-leaked\r\nPage 1 of 3\n\nImage: vx-underground\r\nThe anonymous individual, who had internal access to the Conti ransomware group, angrily leaked a goldmine of\r\nthe ransomware group's information. The first leak consisted of 60,000 internal chat messages belonging to the\r\nConti ransomware operation that were taken from a log server for the Jabber communication system used by the\r\ngang. 
Over the course of a month, 170,000 conversations were leaked, providing detailed insight into the\r\noperation's activities and its members' involvement.\r\nWhile the security industry was analyzing these rare messages (and while Conti may have been losing their\r\ns#!$), a second wave of leaks hit in the form of a data dump including the ransomware's source code and\r\ndecryptor, as well as TrickBot malware group chats and code components. According to a Twitter update by\r\nEmsisoft's Fabian Wosar, the leaked decryptor is for a previous version of the ransomware and therefore will not\r\nwork with current versions.\r\nImage: Twitter\r\nBut that's not all - yesterday, the Conti Leaks Twitter account posted a link to the source code for Conti V3, which\r\nhad been uploaded to VirusTotal. The third Conti version is much newer, with the last update dated January 25th,\r\n2021, and its source code is fully functional and operational. Researchers at Bleeping Computer easily compiled the\r\ncode and created their own ransomware based on it.\r\nMany threat actors and ransomware gangs have been picking sides since Russia's invasion of Ukraine, while\r\nothers, like LockBit, are trying to stay neutral. As the Russia-Ukraine war advances, more pressure is being put on\r\nevery industry and space to help (like Ukraine asking volunteer researchers and hackers to join their \"IT Army\").\r\nThreatSTOP customers are protected from Conti and other ransomware variants using our Ransomware IP and\r\nDomain target bundles in policies that are enforced by firewalls, DNS servers, and more. We also offer a Russian-Controlled Entities Target, which protects our customers from network communications with all IP addresses\r\nowned or taken over by Russia.\r\nNot a ThreatSTOP customer yet? 
Want to see ThreatSTOP instantly eliminate attacks like Conti ransomware on\r\nyour network?\r\nFor live updates on the attack on Conti group, check out the Twitter handle @ContiLeaks.\r\nSource: https://www.threatstop.com/blog/conti-ransomware-source-code-leaked",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.threatstop.com/blog/conti-ransomware-source-code-leaked"
	],
	"report_names": [
		"conti-ransomware-source-code-leaked"
	],
	"threat_actors": [],
	"ts_created_at": 1775441494,
	"ts_updated_at": 1775791306,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/092745b4c4b9d3c98c56ac9e7d8b9e8c1626312c.pdf",
		"text": "https://archive.orkl.eu/092745b4c4b9d3c98c56ac9e7d8b9e8c1626312c.txt",
		"img": "https://archive.orkl.eu/092745b4c4b9d3c98c56ac9e7d8b9e8c1626312c.jpg"
	}
}