US State Department

The US Department of State is offering up to $15 million for information that helps identify and locate leadership and co-conspirators of the infamous Conti ransomware gang.

Up to $10 million of this reward are offered for info on Conti leaders' identity and location, and an additional $5 million for leading to the arrest and/or convictions of individuals who conspired or attempted to participate in Conti ransomware attacks.

According to a statement issued by State Department spokesman Ned Price, Conti has hit more than 1,000 victims who paid over $150 million in ransoms until January 2022. 

"The Conti ransomware group has been responsible for hundreds of ransomware incidents over the past two years," Price said Friday.

"The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented."

In November, the US State Department has also offered rewards of up to $15 million for information on the REvil (Sodinokibi) and Darkside ransomware operations.

The rewards are offered as part of the Department of State's Transnational Organized Crime Rewards Program (TOCRP). Since 1986, the Department has paid over $135 million in rewards under this program.

Those who can provide this information can submit tips to the FBI at https://tips.fbi.gov or using the FBI's Electronic Tip Form.

State Dept Conti reward

The Conti ransomware group

Conti is a Ransomware-as-a-Service (RaaS) operation linked to the Russian-speaking Wizard Spider cybercrime group (also known for other notorious malware, including Ryuk, TrickBot, and BazarLoader).

The cybercrime gang's victims include Ireland's Health Service Executive (HSE) and its Department of Health (DoH), asking the former to pay a $20 million ransom.

The FBI also warned in May 2021 that Conti operators tried to breach over a dozen US healthcare and first responder organizations.

In August 2021, a disgruntled affiliate leaked Conti's training materials, including info on one of its operators, a manual on deploying various malicious tools, and numerous help documents allegedly provided to the group's affiliates.

According to analysts from multiple cybersecurity firms, Conti is now managing various side businesses meant to sustain its ransomware operations or pay for initial network access when needed.

One such side operation is the recently emerged Karakurt data extortion group, active since at least June 2021 and recently linked to Conti by researchers from Advanced Intelligence, Infinitum, Arctic Wolf, Northwave, and Chainalysis, as the cybercrime gang's data extortion arm. 

Related Articles:

CDK Global outage caused by BlackSuit ransomware attack

Ascension hacked after employee downloaded malicious file

Police arrest Conti and LockBit ransomware crypter specialist

Vice Society claims LAUSD ransomware attack, theft of 500GB of data

Meet Brain Cipher — The new ransomware behind Indonesia's data center attack