The State Department is offering rewards that total $15 million for more information about the key leaders, operators or affiliates associated with the Conti ransomware group.
U.S. authorities will pay up to $10 million for information leading to the identification or location of key Conti leaders, and up to $5 million for information leading to the arrest or conviction of owners, operators and affiliates associated with the RaaS group. The FBI has called Conti the costliest strain of ransomware ever documented, with the group and its affiliates wracking up hundreds of victims over the past two years, including 1,000 victims as of January with payouts exceeding $150,000,000.
“In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cyber criminals,” according to the State Department in a release. “We look to partner with nations willing to bring justice for those victims affected by ransomware.”
Conti continues to pose a formidable threat to businesses despite a self-reported security researcher in February setting up a Twitter account in late February and leaking two years worth of the group’s internal chat logs, in addition to credentials, email addresses and command-and-control (C2) server details. In April, the group launched a ransomware attack against the government of Costa Rica that the U.S. government said severely impacted the country’s foreign trade by disrupting its customs and taxes platforms.
The U.S. government has previously offered up high rewards for other ransomware groups, including rewards of up to $15 million for the DarkSide ransomware in November, as well as up to $15 million for the Sodinokibi (REvil) ransomware group, also in November. Rewards are offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP), a program established in 2013 that gives the Secretary of State statutory the ability to offer rewards of up to $25 million for information leading to the arrest or conviction in any country of those participating in transnational organized crime.
Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, said that these types of rewards may indicate a shift in tactics in targeting ransomware operations.
“By taking a more proactive approach in soliciting the assistance of external researchers — and individuals potentially close to Conti's organization — they may identify useful information that would otherwise have remained unclear,” said Morgan.