The Department of State offers a reward of up to $15 million for information on the Russia-based Conti ransomware gang.
The reward comprises $10 million for information leading to the identification and location of Conti leaders and $5 million for information resulting in the arrest of anyone conspiring with Conti.
Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, the National Security Agency, and the United States Secret Service have re-released an advisory on Conti ransomware.
“Conti cyber threat actors remain active and reported Conti ransomware attacks against the US and international organizations have risen to more than 1,000,” it said.
Originally the warning was released in September 2021. It said that over 400 Conti ransomware attacks aimed to steal sensitive data.
In typical Conti ransomware attacks, malicious cyberactors steal files, encrypt servers and workstations, and demand a ransom payment.
According to the FBI, the Conti Ransomware variant is the costliest strain of ransomware ever documented, with victim payouts exceeding $150 million.
“In April 2022, the group perpetrated a ransomware incident against the Government of Costa Rica that severely impacted the country’s foreign trade by disrupting its customs and taxes platforms,” State Department spokesman Ned Price said.
Conti ransomware
Conti started operating in late 2019, and it runs Conti.News data leak site. The group gets initial access through stolen RDP credentials and phishing emails with malicious attachments.
Experts believe that Conti attacks resemble tactics seen in nation-state attacks. The groups also rely on human-operated attacks instead of increasingly popular automated intrusions. Conti attempts to find a buyer for the data before posting it on the site.
Ireland’s HSE, Volkswagen Group, several U.S. cities, counties, and school districts were affected by Conti. Conti has been observed to be in the networks for anywhere between a few days to even weeks before actually launching ransomware.
The group is believed to be based in the second largest Russian city of Saint Petersburg. It’s also speculated that the people behind Conti used to be in charge of another prominent ransomware cartel, Ryuk.
As with many modern extortion gangs, Conti offers Ransomware-as-a-Service (RaaS) package, selling its malware to affiliates. The core team takes 20-30% of a ransom payment, while the affiliates keep the rest of the loot.
In March, after Conti has announced its allegiance with Vladimir Putin, a pro-Ukrainian insider has set up a Twitter account named Conti leaks to expose the ransomware gang, which proved to be a nightmare for many of its victims, including Ireland’s HSE, Volkswagen Group, several US cities, counties, and school districts.
More from Cybernews:
Colonial Pipeline’s ripple effect: are wounded ransomware gangs getting angrier?
The dark side of the metaverse: taking your nightmares online
Can Facebook clean up its data policy?
Ukraine accuses Russian hackers of tampering with civilian rescue operations
Religion in the metaverse: the Vatican is launching an NFT gallery
How cybercriminals could take advantage of natural disasters
Subscribe to our newsletter
