{
	"id": "7706eb05-2b61-4764-a5f0-8dcd45d2e3f7",
	"created_at": "2026-04-06T00:14:05.261079Z",
	"updated_at": "2026-04-10T03:21:32.719576Z",
	"deleted_at": null,
	"sha1_hash": "e086761160a42641613c418ff3464ad9fc9ff62d",
	"title": "More Conti ransomware source code leaked on Twitter out of revenge",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2717940,
	"plain_text": "More Conti ransomware source code leaked on Twitter out of revenge\r\nBy Lawrence Abrams\r\nPublished: 2022-03-20 · Archived: 2026-04-05 14:19:13 UTC\r\nA Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for\r\nthe cybercriminals siding with Russia on the invasion of Ukraine.\r\nConti is an elite ransomware gang run by Russian-based threat actors. With their involvement in developing numerous\r\nmalware families, it is considered one of the most active cybercrime operations.\r\nHowever, after the Conti ransomware operation sided with Russia on the invasion of Ukraine, a Ukrainian researcher\r\nnamed 'Conti Leaks' decided to leak data and source code belonging to the ransomware gang out of revenge.\r\nhttps://www.bleepingcomputer.com/news/security/more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge/\r\nPage 1 of 5\n\nConti siding with Russia on the invasion of Ukraine\r\nSource: BleepingComputer\r\nLast month, the researcher published almost 170,000 internal chat conversations between the Conti ransomware gang\r\nmembers, spanning January 21st, 2021, through February 27th, 2022. These chat messages provide detailed insight into the\r\noperation's activities and its members' involvement.\r\nThe researcher later leaked old Conti ransomware source code dated September 15th, 2020. While the code was rather old, it\r\nallowed researchers and law enforcement to analyze the malware to understand better how it works.\r\nMore recent Conti source code released\r\nToday, Conti Leaks uploaded the source code for Conti version 3 to VirusTotal and posted a link on Twitter. 
While the\r\narchive is password-protected, the password should be easily determined from subsequent tweets.\r\nThis source code is much newer than the previously released version, with the last modified dates being January 25th, 2021,\r\nmaking it over one year newer than the previously released code.\r\nConti Locker version 3 source code\r\nSource: BleepingComputer\r\nLike the previous version, the source code leak is a Visual Studio solution that allows anyone with access to compile the\r\nransomware locker and decryptor.\r\nCompiling the Conti source in Visual Studio\r\nSource: BleepingComputer\r\nThe source code compiles without error and can be easily modified by other threat actors to use their own public keys or add\r\nnew functionality.\r\nAs you can see below, BleepingComputer compiled the source code without any issues, creating the cryptor.exe,\r\ncryptor_dll.dll, and decryptor.exe executables.\r\nCompiled Conti executables\r\nSource: BleepingComputer\r\nThe release of ransomware source code, especially for advanced operations like Conti, can have disastrous effects on\r\ncorporate networks and consumers. This is because it is very common for other threat actors to use the released source code\r\nto create their own ransomware operations.\r\nIn the past, a researcher published the source code for a ransomware named 'Hidden Tear' that many threat actors quickly\r\nadopted to launch different operations. 
\r\nWhile Hidden Tear can be decrypted, it led to a scourge of new ransomware infections that terrorized consumers and\r\ncompanies for years.\r\nMore recently, a threat actor leaked the source code for Babuk ransomware on a Russian-speaking hacking forum.\r\nWithin days, other threat actors used the source code for their own purposes, and new ransomware operations were launched, such\r\nas Rook and Pandora.\r\nWith the continued leaks of the Conti ransomware gang's source code, it is only a matter of time until other threat actors use\r\nit to launch their own operations.\r\nSource: https://www.bleepingcomputer.com/news/security/more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge/"
	],
	"report_names": [
		"more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge"
	],
	"threat_actors": [],
	"ts_created_at": 1775434445,
	"ts_updated_at": 1775791292,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e086761160a42641613c418ff3464ad9fc9ff62d.pdf",
		"text": "https://archive.orkl.eu/e086761160a42641613c418ff3464ad9fc9ff62d.txt",
		"img": "https://archive.orkl.eu/e086761160a42641613c418ff3464ad9fc9ff62d.jpg"
	}
}