The US authorities have offered a multimillion-dollar reward for information leading to the identification, arrest and/or conviction of individuals involved in attacks using the Conti ransomware variant.
Offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP), the money is split into two pots: up to $10m for information on the identity or location of individuals “who hold a key leadership position” in Conti; and up to $5m for info leading to the arrest or conviction of anyone conspiring to use the malware in attacks.
That seems to suggest that the $10m is reserved for information on the operators/developers of the ransomware, while the second sum of money could also be handed out for info on any affiliate group members.
According to FBI figures cited by the State Department, the Conti variant has been linked to over 1000 attacks over the past two years, costing victims over $150m in the process. That makes it the highest-grossing ransomware of all time, it claimed.
After a catastrophic data leak exposed private chats and other information, researchers learned much about the internal workings of the group. It is said to have spent $6m annually on salaries, services and tooling, for example. Despite the incident, operations continue.
“In April 2022, the group perpetrated a ransomware incident against the Government of Costa Rica that severely impacted the country’s foreign trade by disrupting its customs and taxes platforms,” the State Department claimed.
“In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cyber-criminals. We look to partner with nations willing to bring justice for those victims affected by ransomware.”
Last November, the State Department used a $10m TOCRP fund to encourage anyone with knowledge of the individuals behind the DarkSide ransomware to come forward.
Another $10m was offered at the end of last month for information on six Sandworm group members believed to be working for Russian intelligence.