SINCE THE CONTI ransomware strain emerged in 2020, its operators have caused havoc around the world. It has crippled hospitals, attacked governments, and extorted countless businesses. Its criminal hackers have targeted more than 1,000 organizations, earning more than $180 million last year alone. Now, the US government is upping its fight against the group, identifying members of the gang for the first time and aiming to expose their potential ties to the Russian state.
Today, the Rewards for Justice mission, an organization within the US State Department that handles national security rewards, is announcing new bounties of up to $10 million for anyone who provides useful information about individual members of Conti. Specifically, the agency has called for people to share details about five key members of the Conti group: actors using the handles Professor, Reshaev, Tramp, Dandis, and Target.
Rewards for Justice has also published an alleged photo of the person believed to be Target. In the picture, a middle-aged man is wearing a hat with ear flaps, a black t-shirt, and a dark-colored jacket. It is one of the first times that the potential real-world identity of a member of the Conti gang has been publicly exposed.
Many members of Conti are believed to be based in Russia or surrounding regions. For years, the Kremlin has largely turned a blind eye to cybercriminals based in the country, making it a homebase for several ransomware groups. The leaked Conti Files revealed some high-level members of the gang appear to have connections to the Russian state and security services. Some members of the group have chatted about working on “political” subjects and knowing members of the Russian hacking group Cozy Bear, also known as Advanced Persistent Threat 29.
In recent weeks, Conti’s activities have dwindled, as it is believed the group is attempting to rebrand following the leaking of its internal chats. However, many of the members are still thought to be active and involved in other cybercrime efforts. These kinds of ransomware attacks can have a huge impact on businesses and wider society.
“While these are not state-sponsored groups, they routinely carry out attacks as impactful as any nation state group and they need to be treated as such,” says Allan Liska, an analyst for the security firm Recorded Future who specializes in ransomware. “This likely won’t lead to the arrest of members of Conti, unless any of them are dumb enough to step foot outside of Russia. The intelligence that might be gathered through this reward could prove to invaluable.”