US offers $15 million reward for information that helps identify Conti ransomware hackers


Conti is the costliest strain of ransomware ever documented, according to the US State Department

The US State Department on Friday announced a reward of up to $15 million for information on the notorious Conti ransomware gang, which has been accused of cyber extortion attacks throughout the world.

The Department is offering a reward of up to $10 million for any information leading to the identification or whereabouts of people who hold a key leadership position within the Conti gang.

A further $5 million is being offered for any information that leads to the arrest or conviction of a Conti member in any country conspiring or attempting to engage in a Conti variant ransomware incident.

"In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cyber criminals," State Department spokesman Ned Price said.

He added that, as of January 2022, Conti had infected over 1,000 victims, who paid over $150 million in ransoms, making it the most expensive ransomware strain ever documented.

The rewards are offered as part of the Transnational Organised Crime Rewards Program (TOCRP), which is managed by the State Department in close collaboration with other federal law enforcement partners. The primary aim of the programme is to disrupt and dismantle transnational organised crime, including cybercrime, throughout the world.

In November 2021, the Department offered similar monetary rewards for locating individuals associated with REvil and DarkSide ransomware, which were used in high-profile attacks last year on Kaseya and Colonial Pipeline.

Conti is a Russian-speaking ransomware gang known for operating a ransomware-as-a-service (RaaS) business model to extort money from victims. The group is regarded as one of the most active cybercrime organisations in the world due to its involvement in the development of various malware families.

Conti began its attacks in 2019 and has since been accused of ransomware attacks on a number of firms in the US and Europe.

In May 2021, Conti launched an attack on Ireland's Health Service Executive, causing weeks of disruptions in the country's hospitals.

Ireland declined to pay the $20 million ransom and now expects recovery from the attack to cost it $100 million.

It was "perhaps the most severe cybercrime attack against the Irish State," according to Irish Minister of State Ossian Smyth.

Last month, Conti also claimed responsibility for an attack on Costa Rica's government networks.

In February, internal discussion logs from the Conti group were leaked to the public for the first time after the gang announced support for Russia's invasion of Ukraine.

A security researcher with the pseudonym 'Conti Leaks' reportedly hacked the gang's internal Jabber/XMPP server and sent internal logs to multiple security researchers and journalists.

The leaked files contained thousands of messages dating from 21 January 2021 to 27 February 2022 and also included information on previously undisclosed victims, bitcoin addresses, private data breach URLs and discussions regarding the gang's actions.

After leaking Conti's chat messages, the researcher also released the source code of an old version of Conti ransomware, which was dated September 15, 2020.

A month later, the researcher published more source code from the Conti ransomware operation.