Conti Locker v2: What You Need to Know About the Leaked Ransomware Source Code

Ransomware is a type of malicious software that encrypts the files on a victim’s computer or network and demands a ransom for their decryption. Conti Locker is one of the most notorious ransomware groups that has targeted hundreds of organizations worldwide, including hospitals, schools, and government agencies.

In early 2023, Conti Locker’s source code was leaked online by an anonymous person who claimed to support Ukraine in the conflict with Russia. The leak included the source code for Conti Locker v2, the latest version of the ransomware, as well as the source code for the decryptor. The leak also exposed thousands of messages from Conti Locker’s internal chat logs, revealing their tactics, targets, and affiliates.

The leaked source code poses a serious threat to cybersecurity, as it could enable other hackers to create new variants of Conti Locker or use it for their own malicious purposes. It also raises questions about the origin and motivation of Conti Locker, as some experts suspect that they may have ties to Russian intelligence or military.

In this article, we will explain what Conti Locker v2 is, how it works, and what you can do to protect yourself from this ransomware.

What is Conti Locker v2?

Conti Locker v2 is the second version of Conti Locker ransomware, which was first detected in late 2020. It is a sophisticated and highly customizable ransomware that can encrypt files on local and network drives, as well as at specific IP addresses. To prevent recovery and detection, it can also delete volume shadow copies, terminate services, disable real-time monitoring, and uninstall Windows Defender.
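The behaviours listed above leave traces in process-creation logs. The following is an added example, not taken from the original article or from the leaked code, that flags a host when several of these behaviours occur within a short window; the log format, host names, command-line patterns, and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Generic Windows command-line patterns for the behaviours listed above.
# Assumption: common administrative commands, not strings from the leaked code.
RULES = {
    "shadow_copy_delete": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "service_stop": re.compile(r"\b(net1?|sc)(\.exe)?\s+stop\s+\S+", re.I),
    "defender_rtm_off": re.compile(r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+(\$true|1)", re.I),
    "defender_uninstall": re.compile(r"Uninstall-WindowsFeature\b.*Windows-Defender", re.I),
}

# Constructed sample in an assumed format: "timestamp|host|command line"
SAMPLE = """\
2024-01-10T09:00:05|WS-01|net stop Spooler
2024-01-10T02:14:01|FS-02|cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet
2024-01-10T02:14:20|FS-02|powershell -c Set-MpPreference -DisableRealtimeMonitoring $true
2024-01-10T02:15:02|FS-02|net stop MSSQLSERVER /y
2024-01-10T11:30:00|WS-03|vssadmin list shadows
"""

def parse(text):
    for line in text.splitlines():
        ts, host, cmd = line.split("|", 2)
        yield datetime.fromisoformat(ts), host, cmd

def classify(cmd):
    return {name for name, rx in RULES.items() if rx.search(cmd)}

def detect(text, window=timedelta(minutes=5), min_categories=2):
    """Return {host: sorted categories} for hosts showing several
    distinct behaviours inside one time window."""
    hits = defaultdict(list)
    for ts, host, cmd in parse(text):
        for cat in classify(cmd):
            hits[host].append((ts, cat))
    alerts = {}
    for host, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            cats = {c for t, c in events[i:] if t - start <= window}
            if len(cats) >= min_categories:
                alerts[host] = sorted(cats)
                break
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE))
```

A single service stop or a shadow-copy listing does not alert on its own; only the combination on one host within the window does, which keeps routine administration from triggering the rule.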

Conti Locker v2 uses a combination of AES-256 and RSA-4096 encryption algorithms to lock the files and generate a unique key for each victim. It then appends a random extension to the encrypted files and drops a ransom note in each folder. The ransom note instructs the victim to contact Conti Locker via email or a Tor website and pay a certain amount of bitcoin to get the decryptor.

Conti Locker v2 operates under a ransomware-as-a-service (RaaS) model, meaning that the group rents its ransomware to other hackers who pay a percentage of the ransom to Conti Locker. These hackers are known as affiliates and are responsible for distributing and deploying Conti Locker v2 on their chosen targets. Conti Locker provides them with technical support, updates, and access to their chat platform.

How did Conti Locker v2 source code leak?

The source code of Conti Locker v2 was leaked twice in 2023. The first leak occurred in February 2023, when an anonymous person posted a password-protected zip file containing the source code on GitHub. The person claimed to be a former affiliate of Conti Locker who was dissatisfied with their treatment by the group. They also claimed to have access to Conti Locker’s chat logs and threatened to expose them if Conti Locker did not stop attacking Ukrainian targets.

The second leak occurred in March 2023, when another anonymous person posted an unprotected zip file containing the same source code on GitHub. The person claimed to be a supporter of Ukraine and said they wanted to help other researchers and security experts analyze and combat Conti Locker. They also posted some screenshots of Conti Locker’s chat logs, showing their conversations with affiliates and victims.

The second leak attracted more attention and was quickly downloaded by many researchers and hackers before GitHub removed it. Some security experts confirmed that the source code was authentic and functional, while others warned that it could contain backdoors or malware. The leak also sparked speculation about the identity and motive of the leakers, as well as the possible involvement of state actors.

How can you protect yourself from Conti Locker v2?

Conti Locker v2 is a dangerous ransomware that can cause significant damage and disruption to your data and systems. To protect yourself from this threat, you should follow these best practices:
