The ransomware group had another reason to rue its public support for Russia this week, as the incognito mole in its ranks posted more source codes on Twitter.
The original post – by what is thought to be a Ukrainian gang member who went rogue after Conti declared for Vladimir Putin’s invasion – was short and sweet.
“Source Conti V.3,” it read, an apparent allusion to previous leaks, before posting a VirusTotal link to the leaked data. Source codes are vital to programmers because they allow for plain-text commands to be issued by them to computers, specifying their functions.
Fellow Twitter users quickly crowded the thread to express their thanks to the insider, with some requesting password access to the pilfered data.
“I am doing my dissertation on how to improve investigative efforts on ransomware attacks,” said one. “I am using Conti as a case study, that password means the world to me.”
A subsequent link to the password was posted further down in the Twitter thread, effectively handing the keys to the vault to anyone caring to delve further into Conti’s secrets.
Clearly this is the sort of exposure the ransomware gang will not relish. Notorious for attacks against more than a thousand organizations in the US and other countries, Conti’s move from covert to overt Russian proxy has incurred a backlash that has left it on the back foot.
With many such ransomware groups being forced to choose between remaining purely criminal or taking sides in the escalating cyber conflict, perhaps Conti’s example goes to show that patriotism and profit do not mix well.
More from Cybernews:
Subscribe to our newsletter