The US Department of State is offering up to $15 million for information that helps identify and locate the leaders and accomplices of the infamous Conti ransomware gang.
Up to $10 million of this reward is being offered for information on the identity and location of Conti leaders, and an additional $5 million for information leading to the arrest and/or conviction of individuals who conspired or attempted to participate in Conti ransomware attacks.
According to a statement issued by State Department spokesman Ned Price, Conti has affected more than 1,000 victims who have paid more than $150 million in ransoms as of January 2022.
“The Conti ransomware group has been responsible for hundreds of ransomware incidents in the last two years,” Price said on Friday.
“The FBI estimates that, as of January 2022, there were more than 1,000 attack victims associated with the Conti ransomware with payouts to victims exceeding $150,000,000, making the Conti Ransomware variant the costliest ransomware strain ever documented.”
In November, the US State Department also offered rewards of up to $15 million for information on the REvil (Sodinokibi) and Darkside ransomware operations.
The rewards are offered as part of the Department of State’s Transnational Organized Crime Rewards Program (TOCRP). Since 1986, the Department has paid out more than $135 million in rewards under this program.
Those who can provide this information can submit tips to the FBI at https://tips.fbi.gov or by using the FBI’s electronic tip form.
The Conti ransomware group
Conti is a Ransomware-as-a-Service (RaaS) operation linked to the Russian-speaking Wizard Spider cybercrime group (also known for other notorious malware, including Ryuk, TrickBot, and BazarLoader).
Victims of the cybercrime ring include Ireland's Health Service Executive (HSE) and Department of Health (DoH); the group asked the former to pay a ransom of $20 million.
The FBI also warned in May 2021 that Conti operators attempted to breach more than a dozen US first responder and health care organizations.
In August 2021, a disgruntled affiliate leaked Conti training materials, including information about one of its operators, a manual on how to implement various malicious tools, and numerous help documents purportedly provided to the group’s affiliates.
According to analysts from several cybersecurity companies, Conti now runs several side businesses aimed at sustaining its ransomware operations or paying for initial network access when needed.
One such side operation is the recently emerged Karakurt data extortion group, active since at least June 2021 and recently linked to Conti, as the cybercrime gang's data extortion arm, by researchers from Advanced Intelligence, Infinitum, Arctic Wolf, Northwave, and Chainalysis.