U.S. shares photo of alleged Conti suspect, offers $10 million for intel

The U.S. State Department on Thursday said that it was offering a $10 million reward for “information leading to the identification or location” of state-sponsored hackers who attack U.S. critical infrastructure, including individuals linked to the notorious Conti ransomware gang.

The department’s Rewards for Justice program shared an image of a man it said is tied to the group who goes by the name “Target,” and said it is searching for other members who use the handles “Reshaev,” “Professor,” “Tramp,” and “Dandis.”

The image depicts a bearded man in a black jacket, who is holding a bottle and wearing a white hat with earflaps. On Twitter, Rewards for Justice mocked the man in both English and Russian.

The U.S. Government reveals the face of a Conti associate for the first time! We’re trying to put a name with the face!

To the guy in the photo: Imagine how many cool hats you could buy with $10 million dollars!

Write to us via our Tor-based tip line: https://t.co/WvkI416g4W pic.twitter.com/28BgYXYRy2

— Rewards for Justice (@RFJ_USA) August 11, 2022

“To the guy in the photo: Imagine how many cool hats you could buy with $10 million dollars!” Rewards for Justice tweeted. 

The announcement didn’t include many details about the individual, but it marks one of the first times that a Conti operative has been potentially unmasked. The group’s members have managed to keep a low profile despite launching brazen attacks, including one that had wide-reaching impacts on the government of Costa Rica. The State Department put out a separate $10 million bounty in May as the group held the government for ransom and threatened to “overthrow” the newly-elected president.

Later that month, the group started taking down much of its infrastructure. Cybersecurity experts said Conti would likely splinter into other ransomware operations to avoid detection by law enforcement. Conti had been linked to more than 850 attacks since 2019, according to data collected by Recorded Future, including 2021 attacks against Ireland’s Health Service Executive and hospital systems in New Zealand.

“Conti ransomware has been used to conduct more than 1,000 ransomware operations targeting U.S. and international critical infrastructure, such as law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities,” the State Department wrote in its announcement. “These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the United States.”

The State Department also highlighted the group’s ties to Russia — Conti pledged support to the Russian government following its invasion of Ukraine in February “and threatened critical infrastructure organizations of countries perceived to carry out cyberattacks or war against the Russian government,” the announcement said.