US offers $10m reward for information on Conti ransomware conspirators

The US State Department recently announced a reward of up to $10 million for any information that could identify or lead to the location of individuals who are involved with, or hold key leadership positions in, the Conti ransomware-as-a-service (RaaS) group.

Considering Conti’s track record, this turn of events is unsurprising. We wrote about how the ransomware was used in a devastating attack on Ireland’s health service last year, and that’s only the tip of the iceberg. The FBI estimates that Conti ransomware has targeted over 1,000 victims to date, with payouts in excess of $150,000,000. 

This announcement from the US State Department comes on the heels of Conti’s most recent attack, which targeted Costa Rica in April 2022.

What happened in Costa Rica

President Rodrigo Chaves began his tenure as president of Costa Rica by declaring a national state of emergency on May 8th, 2022. He pointed to an ongoing Conti ransomware attack as the reason. BleepingComputer reports that 27 government organizations were impacted by the attack, including: 

  • The Costa Rican Finance Ministry, Ministerio de Hacienda
  • The Ministry of Labor and Social Security, MTSS
  • The Social Development and Family Allowances Fund, FODESAF
  • The Interuniversity Headquarters of Alajuela, SIUA
  • Administrative Board of the Electrical Service of the province of Cartago (Jasec)
  • The Ministry of Science, Innovation, Technology, and Telecommunications
  • National Meteorological Institute (IMN)
  • Radiographic Costarricense (Racsa)
  • Costa Rican Social Security Fund (CCSS).

As of May 8th, according to BleepingComputer, Conti appeared to have stolen 672 GB of data from these government agencies and leaked 97% of it online. Previously, Conti demanded a $10 million ransom for the data, which Costa Rica refused to pay.

The fallout from the ransomware attack is ongoing, with a multitude of agencies facing disruption, so much so that President Chaves declared that Costa Rica is “at war” with Conti. BBC reports that the Costa Rican Treasury told civil servants that automatic payment services would be affected, while the government announced that the country’s foreign trade would be affected as the attack hit its tax and customs systems.

Conti has since upped its ransom demand to $20 million and has urged Costa Ricans to “go out on the street and demand payment”. It also warned Costa Rica that it has less than a week to pay the ransom. Otherwise, the decryption keys for encrypted government systems would be deleted, and it would gain access to other systems and leak even more data online. 

Conclusion

As the situation develops, cybersecurity experts wonder what’s next after this unprecedented cybersecurity attack. According to TechMonitor, Conti appears to have taken its infrastructure offline, but many believe that the group is downsizing, allying with other groups in an attempt to rebrand. Right now, whatever happens, it’s more important than ever that governments and organizations are prepared to face ransomware attacks, from strengthening cybersecurity capabilities to providing social engineering training to staff.
