The U.S. Department of State announced last week that it is offering a $10,000,000 bounty for information on the identification or location of five highly ranked members of Wizard Spider, the Conti ransomware syndicate. Since the emergence of Conti in 2020, the ransomware strain has been weaponized against hospitals, governments, and businesses, with the FBI estimating $180,000,000 in ransomware payouts. Specifically, the Department of State is looking for information on the following key members of the Conti group: Professor, Reshaev, Tramp, Dandis, and Target. An image of the member “Target” was shared last Thursday, marking the first time a Conti operator has been identified by the U.S. government.
What is Conti Ransomware?
A rebranding of the Ryuk ransomware variant, Conti runs a ransomware-as-a-service (RaaS) operation, developing ransomware code for other hacking groups to use. The malicious program encrypts data and spreads to multiple systems, making it difficult to contain, and there is no guarantee that system and file access will be granted even after paying the actor. The group has a website where it publishes any leaked or extracted documents, sharing the data of hundreds of different sectors and organizations.
Conti’s More Notorious Attacks
The group has grown into a dangerous syndicate, given its recent participation in cyber warfare and its infiltration of 27 government institutions in Costa Rica for $20,000,000. President Rodrigo Chavez has retaliated, declaring war on the ransomware syndicate. Ireland was targeted in this string of high-profile attacks in 2021, when the government healthcare system was attacked, with the group also demanding $20,000,000 in ransom. This happened in 2020 as well, when the group pledged to side with Russia in its war against Ukraine, which was eventually shut down after a Conti member leaked the ransomware’s source code.
The U.S. Department of State’s Rewards for Justice program is not limited to the $10,000,000 bounty for information on Conti ransomware members; it is also offering bounties for information on the REvil and Evil Corp ransomware groups. Rewards for Justice also makes it clear that the U.S. government is hunting not only Conti and REvil members, but anyone participating in malicious cyber attacks against critical U.S. infrastructure.