Want $10 Million Dollars? Feds Offering Giant Bounty for Conti Ransomware Gang Info
The U.S. State Department on Thursday announced a $10 million reward for information related to five individuals associated with the Conti ransomware group.
The reward offer, first reported by WIRED, is also notable for the fact that it marks the first time the face of a Conti associate, known as “Target,” has been unmasked. The four other associates have been referred to as “Tramp,” “Dandis,” “Professor,” and “Reshaev.”
The U.S. Government reveals the face of a Conti associate for the first time! We’re trying to put a name with the face!
To the guy in the photo: Imagine how many cool hats you could buy with $10 million dollars!
— Rewards for Justice (@RFJ_USA) August 11, 2022
The government, besides seeking information about the five operators that could lead to their identification or location, is also calling on people to share details about Conti and its affiliated groups TrickBot and Wizard Spider.
Since its rebrand from Ryuk to Conti, the transnational organized crime group has been linked to hundreds of ransomware incidents over the past two years.
As of January 2022, the Russia-based ransomware-as-a-service (RaaS) operation is estimated to have hit over 1,000 entities, with victim payouts exceeding $150 million. The State Department has dubbed Conti the “most damaging strain of ransomware ever documented.”
An analysis of the leaked chats between Conti members in March 2022 that emerged after the syndicate sided with Russia in the ongoing conflict between the country and Ukraine highlighted Target’s role as a manager involved in its physical operations in Russia.
“The leaks are of an unprecedented level and show the world how a government backed, multimillion-dollar ransomware gang operates,” Trellix researchers noted in March 2022.
“In some fashion it was almost like a normal business; wages needed to be paid, software licenses obtained, customer service initiated, and strategic alliances had to be formed.”
Although the Conti brand has been terminated, its members are still active, continuing their work through other ransomware and data extortion operations under different offshoots, including Karakurt, Silent Ransom, Quantum, and Roy/Zeon.
The development also comes a little over three months after the agency said it’s offering a reward of up to $10 million for information leading to the identification and/or location of individuals who hold key leadership positions in the Conti team.