US government is offering $10 million bounty for any info on Conti hackers

U.S. State Department announced Conti ransomware members as a threat to national security

On August 11, the U.S. Department of State announced that it is willing to award anyone who would provide vital information that would lead to the capture and prosecution of five hacking group members of Contri ransomware. The face of a major player within the gang known as “Target” was published for the first time, along with the names of other high-ranking members – “Tramp,” “Dandis,” “Professor,” and “Reshaev.”

The Rewards for Justice program, which was first created as an entity battling terrorism and now expanded its operations to offer rewards for information about cybercriminals, is looking for local people who are willing to provide any details about Conti hackers, promising a reward of up to $10US million in return. The organization is already handing out bounties on information for prominent malware creators like REvil^[1] or Russian Sandworm hackers.

With criminals announcing their support for the Russian government, they are considered to be a major threat to U.S. national security, hence capturing and destabilizing the group is essential.

Conti ransomware operations shut down, but actors are still performing operations

The hacking group was rebranded in 2020 from an already well-established ransomware gang known as Ryuk, which was causing havoc among organizations and businesses worldwide for years. In the past two years, the rebranded gang managed to attack governments, schools, and health service providers^[2] worldwide. Overall, over 1,000 attacks were conducted by cybercriminals, resulting in ransom payments of over $180 million last year alone.

On February 2, 2022, after the Ukraine-Russia war began, the Conti ransomware gang released a public statement on the underground forums that announced full support for the Russian government in this conflict:^[3]

The Conti Team is officially announcing a full support of Russian government. If anybody will decide to organize a cyberattack on any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy

Soon after that, a Ukrainian security researcher started to leak over 170,000 chat conversations between the members of the Conti ransomware team. The leaks, which were branded as “Conti Leaks,” also revealed the source code for the ransomware encryptor – it proved to be a major blow to the ransomware's operation, ultimately leading to its demise.

These leaks also allowed the U.S. law enforcement agencies to determine who was responsible for the multiple attacks worldwide, and the names (nicknames) of the high-ranking members were released. Despite this setback, the operations of the malicious actors were not shut down, and all of the members are known to be extremely active in other cybercriminal operations.

Russia is unlikely to help capture the notorious hackers

Since all perpetrators reside in Russia, the announcement on Twitter was also shown in Russian^[4] in the hopes that local people would provide anonymous tips for the Rewards for Justice program. Seeing how millions are being offered, there might be people around who would be willing to give out valuable information for the money offered.

Russia was never keen on helping the U.S. to capture local cybercriminals; considering the current political climate due to the Ukraine-Russia war, it is highly unlikely that the Russian government would do anything about it now.

While the U.S. government wouldn't be able to arrest the perpetrators within Russian territory, it is hoping to retrieve information such as their location and travel plans in case cybercriminals were to leave the country to visit families or for any other reasons which would ultimately lead to their arrests.