Conti Source Code Breeds New Ransomware Strains
Category: Ransomware News | Industry: Global | Level: Strategic | Source: Cyble
Researchers from Cyble Research and Intelligence Labs (CRIL) have identified several new ransomware strains: BlueSky, Meow, Putin Team, and ScareCrow, all of which share code similarities with the leaked Conti ransomware source code. CRIL researchers assess that more derivatives are likely in the future: "The TAs could use the source code and builders of various ransomware groups exposed on multiple platforms to develop a custom ransomware payload. In this case, the TAs have utilized the leaked Conti Ransomware Source code to start a new ransomware operation with minimal investment." Each of the four ransomware variants adds its own unique extension following file encryption, and the threat actors use Telegram, email, and Onion sites to communicate with their victims. Putin ransomware is distinguished from the other strains as having "altered the leaked source code of Conti ransomware to generate the ransomware binaries." Conti's source code leak isn't the first to inspire new variants: the leak of Babuk ransomware led to the creation of the ransomware strains AstraLocker, Lilith, and Rook.