Since the CONTI ransomware strain first appeared in 2020, its users have wreaked havoc on various countries and cities. They have exploited it to attack governments, shut down hospitals, and blackmail numerous companies. More than 1,000 businesses were attacked by these criminal hackers, who made more than $180 million in profit last year alone. The US government is now intensifying its campaign against the gang, naming its members for the first time, and attempting to reveal any possible connections they may have to the Russian government.
Today, the US State Department’s Rewards for Justice programme, which manages national security rewards, announced additional bounties of up to $10 million for anyone who gives helpful information concerning specific individuals.
Specifically, the CIA has requested information regarding five prominent Conti group members who go by the aliases Professor, Reshaev, Tramp, Dandis, and Target.
A purported photo of the person thought to be Target has also been made public by Rewards for Justice. A middle-aged man can be seen in the image wearing a black T-shirt, a dark-colored jacket, and a hat with ear flaps. This is one of the first occasions on which a Conti gang member’s possible true name has been made public.
The US government has publicly identified a Conti agent for the first time today, according to a State Department official who declined to give his name and offered no more details about Target’s identity besides the image. “That photo is the first time the US government has ever identified a malicious actor affiliated with Conti,” the official says, adding that they are searching for details such as the individuals’ identities, whereabouts, and future travel and vacation schedules. (Many Russian-based cybercriminals avoid leaving the country out of concern for arrest.)
The State Department’s action highlights Conti’s particularly risky position in the ransomware industry.
The organisation, also known as Wizard Spider or as a component of the larger Trickbot cybercrime gang, is managed and structured similarly to a small- or medium-sized corporation. After Conti supported Vladimir Putin’s all-out assault on Ukraine earlier this year, a Ukrainian cybersecurity researcher leaked 60,000 of the group’s internal messages, revealing its darkest secrets. The exposed data is known as the Conti Files.
One estimate puts the number of members of Conti and the larger Trickbot group at more than 100, all of whom work in various departments. According to their leaked chats, they get paid frequently, request time off for holidays, and extort victims in a professional manner.
Even the group’s attempts to create a bitcoin payments network were revealed by the leaks. A separate $10 million prize was given after Conti attacked the Costa Rican government earlier this year, disrupting more than 30,000 medical appointments.
The Rewards for Justice programme, which is distinct from other rewards schemes offered around the US, concentrates on matters of national security, such as North Korean hacking organisations and outside meddling in elections. The State Department official claims that “[Conti] is seen as a national security danger because we suspect, and we are seeking more information to confirm, that they are linked with a foreign government. They engaged in harmful online activity directed at our vital infrastructure. They pose a threat to national security in our eyes.”
Russian territory or nearby areas are thought to be the base of operations for many Conti members. Since the Kremlin has mostly ignored hackers operating in the nation for years, some ransomware gangs have made it their base of operations. Some senior gang members appear to have connections to the Russian government and security agencies, according to the leaked Conti Files. The group’s members have discussed working on “political” issues and knowing members of Cozy Bear, a Russian hacker collective also known as Advanced Persistent Threat 29.
According to US Air Force major Katrina Cheesman, a representative for the Cyber National Mission Force, “Conti has publicly admitted its affiliation with foreign governments, notably its assistance of the Russian government.”

Conti’s activities have decreased recently, and it’s thought the organisation is trying to reinvent itself in the wake of the disclosure of its internal communications. Many of the members are reportedly still active and engaged in additional cybercrime activities. These ransomware attacks have a significant impact on businesses and society at large.