The US government is offering bounties up to $10 million for information about members of the Conti ransomware gang that pledged allegiance to Russia when the country invaded Ukraine.
The bounty is being offered as part of the Rewards for Justice (RFJ) program run by the US Department of State. Conti’s page on the RFJ website says the government is looking for “information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”
The page lists five individuals—“Target,” “Reshaev,” “Professor,” “Tramp,” and “Dandis”—who are suspected of having ties to Conti. A poster shared on the RFJ website includes a picture of someone the State Department suspects of being Target; the other four are merely known by their aliases. Wired reports that, according to a State Department official, the image on that poster represents “the first time that the US government has publicly identified a Conti operative.” (Allegedly.)
“First detected in 2019,” the State Department says, “Conti ransomware has been used to conduct more than 1,000 ransomware operations targeting US and international critical infrastructure, such as law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities. These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the United States.”
But the poster shared on the RFJ website makes it clear the US government isn’t only interested in Conti. It also solicits information that links “any malware or ransomware to a foreign government targeting US critical infrastructure.”
This bounty is just the latest of Conti’s troubles. Shortly after the group said “if anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy,” someone publicly leaked the ransomware gang’s internal chats. Then, a few days later, the source code for the Conti ransomware encryptor, decryptor, and builder was leaked as well.
Conti said in May that it would be shutting down; the last of its public infrastructure finally went offline at the end of June. But that doesn’t mean the people behind Conti just gave up. Intel 471 reported in July that some of Conti’s members “have leaned into side projects that take advantage of segments of Conti’s prior operations, like network access or data theft,” while others have “allegedly forged alliances with other Ransomware-as-a-service (RaaS) groups.”