The U.S.Department of State set two separate bounties for information on the Conti ransomware organized crime group totaling $15 million.
Any information that helps identify or locate the Conti group leaders will be awarded up to $10 million. Additionally, $5 million will be awarded for any information that leads to the arrest of individuals conspiring with the Conti group.
The rewards are offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP) and can be claimed from any country.
Ransomware is a type of malware that threatens to delete or publish private information unless a ransom is paid.
Ransomware attacks peaked in 2020 by reaching $692 million in total value, according to Chainalysis. The total amount paid in ransom remained over $600 million as of 2021. However, the slight decline in confiscated total value doesn’t mean that the threat is also degrading.
The report states:
“Despite these numbers, anecdotal evidence, plus the fact that ransomware revenue in the first half of 2021 exceeded that of the first half of 2020, suggests to us that 2021 will eventually be revealed to have been an even bigger year for ransomware.”
The same report breaks down the top 10 ransomware strains by revenue, where Conti takes the first place by extorting at least $180 million from its victims in 2021.
It is estimated that the Conti ransomware group has been active for over two years and has around 350 members. It was able to collect over $2.7 billion in ransom since 2020.
According to information leaked from Conti, the group uses proprietary in-house software that is much faster than other most ransomware programs. All versions of Microsoft Windows are prone to their attacks.
On 21 April 2022, the group attacked the Government of Costa Rica and targeted at least five government agencies, including the Ministries of Finance, Science, and Technology. Conti demanded a $10 million ransom and started leaking certain information for not receiving it.
🚨 #Conti‘s latest update on the cyberattack against Costa Rica’s Ministerio de Hacienda 🇨🇷…
“If the ministry cannot explain to its tax payers what is going on, we will do it 1) we have penetrated their critical infrastructure, gained access to about 800 servers, …” 👇 pic.twitter.com/wp2Y8UeGGN
— BetterCyber (@_bettercyber_) April 20, 2022
Specialists from Cyberint, who analyzed Conti debunked previously confiscated in-group messages written in Russian and discovered that the group adopted a well-managed organizational structure.
The messages also showed that the group had physical offices in Russia, ran performance reviews, and even named an “employee of the month.”
Lotem Finkelstein, the head of threat intelligence at Check Point Software Technologies, stated:
“Our … assumption is that such a huge organization, with physical offices and enormous revenue would not be able to act in Russia without the full approval, or even some cooperation, with Russian intelligence services.”