Security Experts:

US Government Shares Photo of Alleged Conti Ransomware Associate

The United States has been offering significant rewards for information on individuals involved in the Conti ransomware operation and the Department of State on Thursday provided additional details on who it’s looking for and even shared a photo of a suspect.

The State Department is looking for information on the hackers behind Conti, TrickBot and Wizard Spider, specifically the members known online as ‘Tramp’, ‘Dandis’, ‘Professor’, ‘Reshaev’ and ‘Target’.

The State Department has also released a photo showing the face of a man believed to be ‘Target’, who it describes as a Conti associate.

Photo of Conti ransomware associate Target

Information can be provided to authorities via phone, the surface web, or a Tor-based website set up specifically for this purpose.

The US government has been offering a reward of up to $10 million for information on Conti leaders since May, when it also announced a reward of up to $5 million for information leading to the arrest of any individual involved in Conti ransomware attacks, regardless of the country they live in.

“The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented,” the State Department said at the time.

While Conti has largely been linked to Russia, the US is looking for individuals of ‘various’ nationalities and citizenships.

The US government has also been offering up to $10 million for North Korean hackers, Russian intelligence officers involved in major cyberattacks, and DarkSide ransomware operators.

The Conti operation was shut down a few weeks after some of the group’s members openly expressed support for Russia after it launched its invasion of Ukraine. While the brand may have been terminated, its leaders appear to still be active, continuing their work through several smaller ransomware operations, including Karakurt, Black Basta, BlackByte, AlphV (BlackCat), HIVE, HelloKitty (FiveHands), and AvosLocker.

Industrial cybersecurity firm Dragos reported this week that the number of ransomware attacks on industrial organizations has decreased and it may be — at least partially — a result of the Conti operation shutting down.

Related: US Offers $10 Million Reward Against Election Interference

Related: U.S. Offers $10 Million Rewards for Information on Foreign Hackers

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.