The US State Department is offering $10 million for any information that identifies or locates people linked to the notorious Conti ransomware gang.
An additional $5 million reward is also offered for information leading to the arrest or conviction of a Conti member.
In a statement on Friday, State Department spokesman Ned Price said the group was behind hundreds of ransomware attacks over the past two years.
“The FBI estimates that as of January 2022, there have been over 1,000 victims of attacks associated with the Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest ransomware strain never documented,” Price said.
The note also notes that the group recently claimed responsibility for a high-profile ransomware attack that targeted the government of Costa Rica during its transition to a new president. The attack crippled the country’s customs and tax platforms alongside several other government agencies. The attack even brought down the energy supplier of a town in Costa Rica.
Conti attacked Ireland’s Health Service Executive in May 2021, causing weeks of disruption to hospitals across the country. Ireland refused to pay the $20m ransom and now believe they could end up spending $100m to recover from the attack.
Irish Minister of State Ossian Smyth said it was “probably the most significant cybercrime attack on the Irish state”.
The group has also crippled dozens of hospitals in New Zealand and made it a point to go after US healthcare and first responder networks, including law enforcement, medical services emergency services, 9-1-1 dispatch centers and municipalities over the past year, according to the FBI.
The group has suffered several internal violations over the years, the most notable of which occurred in February after it was expressed public support for Russia’s invasion of Ukraine.
A few days after the message, the gang’s internal Jabber/XMPP server – which carried their private messaging channel – was hacked, and two years of the group’s chat logs appeared on a new Twitter account called @ContiLeaks.
The leaks revealed the inner workings of the group and illustrated how they chose their targets.
The embarrassment of leaks did little to slow the band down. On Wednesday, they added New York architecture firm EYP to its list of victims.
The State Department in November offered a $10 million reward for information that could lead to the identification and/or arrest of members of the Darkside ransomware group as well as the operators behind the REvil (Sodinokibi) group. .