A $10 million award awaits anyone with information on five high-ranking members of the Russian hacking group.
On Thursday, the US State Department announced that it was offering a $10 million award to anyone who could provide information that would identify and locate five individuals linked to the Conti ransomware group. The agency said that the five high-ranking members hid behind the aliases "Target," "Reshaev," "Professor," "Tramp," and "Dandis," and had participated in malicious cyber activities against critical American infrastructure.
Conti ransomware is run by a Russia-based hacker group that has supported the Russian government in its unprovoked attack on Ukraine, The Hill reported. The group has also threatened the critical infrastructure of countries it believes are threats to Russia, the US State Department explained.
Threat actors behind the Conti ransomware have performed more than 1,000 ransomware operations that targeted critical infrastructure both in the US and internationally, including law enforcement agencies, emergency medical services, and 911 dispatch centers.
US State Department Launches Rewards of Justice Program for Information on Conti Ransomware Actors
Within the US State Department, the Rewards of Justice program exists to provide monetary rewards to those who can provide information on threat actors affecting America's national security. According to Bleeping Computer, the program was initially launched to gather information on terrorists targeting the interests of the US but has expanded to offer rewards in exchange for information on cyber criminals, including the Russian Sandworm hackers, REvil ransomware, and the Evil Corp hacking group.
Back in May, the US State Department offered a similar reward and an additional $5 million for any information that could lead to the arrest of individuals conspiring with the Conti ransomware members. In April, the agency offered a $10 million reward for information on a group of hackers from Russia who were believed to be involved in malicious cyber activities.
These Russian hackers were accused of participating in a criminal conspiracy that infected computers globally through a malware infection called NotPetya in June 2017.
US State Department Releases Face of One Conti Ransomware Member
On Thursday, the US State Department released a photograph of a man it believes is "Target," one of five high-ranking Conti ransomware bad actors. "Target" is believed to be the Russian hacking group's "office manager and a team leader" who is responsible for the physical operation of the cybercrime group. He is also believed to have a background in law enforcement.
Target's colleagues include Tramp, the owner and leader of the BlackBasta ransomware operation and the owner and administrator of the Qbot malware command-and-control infrastructure and operation; Dandis, a technical manager; Professor, who works for the ransomware operation at a tactical level; and Reshaev, a core leader and developer of the Conti ransomware.
The government believes that the Conti ransomware operation is behind more than 1,000 attacks worldwide and has received ransom payments of over $150 million. In the summer of 2020, Conti rebranded from Ryuk and quickly rose to prominence after attacking several high-profile victims such as the City of Tulsa, Broward County Public Schools, Advantech, and Ireland's Health Service Executive (HSE) and Department of Health (DoH).
Earlier this year, the Conti ransomware group pledged its allegiance to Russia over its invasion of Ukraine. A Ukrainian security researcher then began leaking more than 170,000 internal chat conversations between the Conti ransomware gang members and the source code for the Conti ransomware encryptor, leading to the shutdown of the Conti ransomware brand.
This enabled law enforcers to determine the five main actors behind the operation. Now, the US State Department is offering a $10 million reward to anyone who can identify or provide information on the five high-ranking officials of the Conti ransomware operation so that they can finally be apprehended.