The U.S. Department of State is offering up to $15 million in rewards for information on the Conti ransomware leadership and its affiliates, as was the case in November where similar rewards were offered for information on the Sodinokibi (REvil) and Darkside ransomware groups.
The Conti ransomware-as-a-service (RaaS) operation has been highly prolific and is currently the leading RaaS operation. The gang has conducted more than 1,000 ransomware attacks and has been paid more than $150 million in ransoms over the past 2 years. In contrast to other RaaS operations, instead of paying affiliates a percentage of the ransoms they generate, they are paid a wage and the operation appears to be run very much like a legitimate business.
Conti has been linked to the Russian-speaking Wizard Spider cybercriminal organization, which is believed to be behind the Ryuk RaaS operations and also TrickBot and BazarLoader malware. The Conti ransomware gang was behind the ransomware attack on Ireland’s Health Service Executive (HSE) in May 2021, the cost of mitigating and recovering from the attack is estimated to be $600 million, along with many attacks on entities in the healthcare and public health, energy, financial services, information technology, and food and agriculture sectors.
In April, the Conti gang targeted multiple government entities in Costa Rica including the Ministry of Finance and Ministry of Labor and Social Security. The attacks, and their ongoing effects, were so severe that on May 8, 2022, Costa Rica President, Rodrigo Chaves, declared a national emergency over the attacks.
The Department of State is offering up to $10 million in rewards for the names and locations of the leaders of the operation, and should any information provided to the authorities lead to the arrest or convictions of those individuals, or any individual in any country conspiring to participate in Conti-related ransomware incidents, a further $5 million will be available in reward payments.
“In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cybercriminals. We look to partner with nations willing to bring justice for those victims affected by ransomware,” said Department of State spokesperson, Ned Price.