SecurityWeek


US Government Shares Photo of Alleged Conti Ransomware Associate

The United States has been offering significant rewards for information on individuals involved in the Conti ransomware operation, and on Thursday the Department of State provided additional details on who it’s looking for and even shared a photo of a suspect.

The State Department is looking for information on the hackers behind Conti, TrickBot and Wizard Spider, specifically the members known online as ‘Tramp’, ‘Dandis’, ‘Professor’, ‘Reshaev’ and ‘Target’.

The State Department has also released a photo showing the face of a man believed to be ‘Target’, who it describes as a Conti associate.

Photo of Conti ransomware associate Target

Information can be provided to authorities via phone, the surface web, or a Tor-based website set up specifically for this purpose.

The US government has been offering a reward of up to $10 million for information on Conti leaders since May, when it also announced a reward of up to $5 million for information leading to the arrest of any individual involved in Conti ransomware attacks, regardless of the country they live in.

“The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented,” the State Department said at the time.

While Conti has largely been linked to Russia, the US is looking for individuals of ‘various’ nationalities and citizenships.

The US government has also been offering up to $10 million for North Korean hackers, Russian intelligence officers involved in major cyberattacks, and DarkSide ransomware operators.

The Conti operation was shut down a few weeks after some of the group’s members openly expressed support for Russia after it launched its invasion of Ukraine. While the brand may have been terminated, its leaders appear to still be active, continuing their work through several smaller ransomware operations, including Karakurt, Black Basta, BlackByte, AlphV (BlackCat), HIVE, HelloKitty (FiveHands), and AvosLocker.

Industrial cybersecurity firm Dragos reported this week that the number of ransomware attacks on industrial organizations has decreased and it may be — at least partially — a result of the Conti operation shutting down.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
