US State Department offering $10 million reward for information about Conti members

The U.S. State Department is offering $10 million for any information that leads to the identification or location of people connected to the notorious Conti ransomware gang.

An additional $5 million reward is also being offered for any information that leads to the arrest or conviction of a Conti member.

In a statement on Friday, State Department spokesman Ned Price said the group has been behind hundreds of ransomware attacks over the last two years.

“The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented,” Price said. 

The Conti ransomware group has targeted over a thousand organizations, extorting over $150 million in ransoms. Today @StateDept is offering rewards for information on Conti leadership and its affiliates. https://t.co/0RFkLKgK3U

— Ned Price (@StateDeptSpox) May 6, 2022

The memo also notes that the group has recently claimed credit for a wide-ranging ransomware attack that targeted the government of Costa Rica as it transitioned to a new president. The attack crippled the country’s customs and taxes platforms alongside several other government agencies. The attack even brought down one Costa Rican town’s energy supplier. 

Conti attacked Ireland's Health Service Executive in May 2021, causing weeks of disruption at the country's hospitals. Ireland refused to pay the $20 million ransom and now estimates it may end up spending $100 million recovering from the attack. 

Irish Minister of State Ossian Smyth said it was "possibly the most significant cybercrime attack on the Irish State." 

The group similarly crippled dozens of hospitals in New Zealand and made a point of going after U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year, according to the FBI.

The group has suffered several internal breaches over the years, the most notable of which occurred in February after it expressed public support for Russia’s invasion of Ukraine. 

Within days of the message, the gang’s internal Jabber/XMPP server – which carried their private messaging channel – was hacked, and two years of the group’s chat logs appeared on a new Twitter handle called @ContiLeaks.

The leaks revealed the group’s inner workings and illustrated the way they chose their targets. 

The embarrassment from the leaks did little to slow the group down. On Wednesday, they added New York-based architecture firm EYP to its list of victims. 

The State Department in November offered a $10 million reward for any information that may lead to the identification and/or arrest of members of the Darkside ransomware group as well as the operators behind the REvil (Sodinokibi) group.