US unmasks alleged Conti ransomware operative, offers $10M for intel

The U.S. government said it will offer up to $10 million for information related to five people believed to be high-ranking members of the notorious Russia-backed Conti ransomware gang.

The reward is offered as part of the U.S. State Department’s Rewards for Justice (RFJ) program, which on Thursday shared an image of a Conti ransomware operator known as “Target,” marking the first time the U.S. government has publicly identified a Conti operative. The program, which specifically seeks information on national security threats, is offering up to $10 million for information leading to the identification and location of Target, along with four other alleged Conti members known as “Tramp,” “Dandis,” “Professor,” and “Reshaev.”

The RFJ said it would also pay out up to $5 million “for information leading to the arrest and/or conviction of any individual in any country conspiring to participate in or attempting to participate in a Conti variant ransomware incident.”

The State Department said Conti has carried out more than 1,000 ransomware operations targeting U.S. and international critical infrastructure, including law enforcement agencies, emergency medical services and 911 dispatch centers. Most recently, the gang infiltrated 27 government institutions in Costa Rica and demanded a $20 million ransom, prompting the country’s newly elected President Rodrigo Chaves to declare his country “at war” with the ransomware group.

The gang rebranded from Ryuk to Conti in 2020, and later sided with Russia in its war against Ukraine, pledging to respond to any cyber attacks on the Russian government or the country’s critical infrastructure. But this backfired when a disgruntled Conti member leaked over 170,000 internal chat conversations between other Conti members and the source code for the ransomware itself.

This breach led to the eventual shutdown of the Conti ransomware brand in June this year, though it’s believed members of the gang have quietly moved into other ransomware operations including Hive, AvosLocker, BlackCat, and Hello Kitty.

“The only goal Conti had wanted to meet with this final attack was to use the platform as a tool of publicity, performing their own death and subsequent rebirth in the most plausible way it could have been conceived,” according to a May report by Advanced Intel.

The RFJ’s bounty program was initially launched to gather information on national security threats and terrorists targeting U.S. interests and has expanded to offer rewards for information on cyber criminals. It’s also offering bounties for information on the Russia-backed REvil and Evil Corp hacking groups.

The State Department previously offered $10 million for information leading to the identification or location of those who held a “key leadership position” within Conti.
