
US Offers $15M Reward For Information About Conti Ransomware

The US is offering up to $15 million for information about Conti ransomware, a group that claimed responsibility for at least 16 cyberattacks against US healthcare entities.

The US State Department is offering a reward of up to $10 million for information leading to the identification of key leaders in the Conti ransomware group. The Department is also offering a reward of up to $5 million for information leading to the arrest or conviction of any individual participating or conspiring to participate in a Conti variant ransomware operation.

The Federal Bureau of Investigation (FBI) estimated that as of January 2022, Conti had claimed over 1,000 victims and raked in $150,000,000 in victim payouts.

“In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cyber criminals,” the announcement stated. 

“We look to partner with nations willing to bring justice for those victims affected by ransomware.”

Conti has had a significant impact on the US healthcare sector in particular, claiming responsibility for more than 16 ransomware attacks against it. In May 2021, the FBI released a flash alert warning of multiple Conti ransomware attacks against US healthcare organizations and first responder networks.

In February 2021, Conti released two healthcare data dumps on the dark web after infiltrating the networks of Leon Medical Centers and Nocona General Hospital. In May 2021, Rehoboth McKinley Christian Health Care Services (RMCHCS) notified over 200,000 patients of a data leak caused by Conti ransomware actors.

In early March 2022, Sophos disclosed an unusual incident involving two separate ransomware groups launching cyberattacks against one Canadian healthcare organization simultaneously. Both Karma and Conti ransomware successfully exfiltrated data.

Conti also announced on its leak site that it would support Russia’s invasion of Ukraine and use “retaliatory measures” against the US should it attack Russian critical infrastructure.

The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the United States Secret Service (USSS) recently re-released their September 2021 advisory on the Conti ransomware group to include new indicators of compromise (IOCs).

“Cyber attacks targeting networks used by emergency services personnel can delay access to realtime digital information, increasing safety risks to first responders and could endanger the public who rely on calls for service to not be delayed,” the alert stated.

“Loss of access to law enforcement networks may impede investigative capabilities and create prosecution challenges. Targeting healthcare networks can delay access to vital information, potentially affecting care and treatment of patients including cancellation of procedures, rerouting to unaffected facilities, and compromise of Protected Health Information.”

The Health Sector Cybersecurity Coordination Center (HC3) identified Conti as one of the top ransomware threats to the healthcare sector in Q1 2022, alongside LockBit, SunCrypt, ALPHV/BlackCat, and Hive.

The Department of State is offering the reward under its Transnational Organized Crime Rewards Program (TOCRP), which has paid out more than $135 million in rewards since its founding in 1986.
