The United States has been offering significant rewards for information on individuals involved in the Conti ransomware operation and the Department of State on Thursday provided additional details on who it’s looking for and even shared a photo of a suspect.
The State Department is looking for information on the hackers behind Conti, TrickBot and Wizard Spider, specifically the members known online as ‘Tramp’, ‘Dandis’, ‘Professor’, ‘Reshaev’ and ‘Target’.
The State Department has also released a photo showing the face of a man believed to be ‘Target’, who it describes as a Conti associate.
Information can be provided to authorities via phone, the surface web, or a Tor-based website set up specifically for this purpose.
The US government has been offering a reward of up to $10 million for information on Conti leaders since May, when it also announced a reward of up to $5 million for information leading to the arrest of any individual involved in Conti ransomware attacks, regardless of the country they live in.
“The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented,” the State Department said at the time.
While Conti has largely been linked to Russia, the US is looking for individuals of ‘various’ nationalities and citizenships.
The US government has also been offering up to $10 million for North Korean hackers, Russian intelligence officers involved in major cyberattacks, and DarkSide ransomware operators.
The Conti operation was shut down a few weeks after some of the group’s members openly expressed support for Russia after it launched its invasion of Ukraine. While the brand may have been terminated, its leaders appear to still be active, continuing their work through several smaller ransomware operations, including Karakurt, Black Basta, BlackByte, AlphV (BlackCat), HIVE, HelloKitty (FiveHands), and AvosLocker.
Industrial cybersecurity firm Dragos reported this week that the number of ransomware attacks on industrial organizations has decreased and it may be — at least partially — a result of the Conti operation shutting down.
Related: US Offers $10 Million Reward Against Election Interference
Related: U.S. Offers $10 Million Rewards for Information on Foreign Hackers

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Latest News
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- Google Leads $16 Million Investment in Dope.security
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
