Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

U.S. Offers “Up to $10 Million” for Conti Gang Information

August 18, 2022

On August 16, Naked Security reported on a story involving Conti, a well-known ransomware gang that operates as a ransomware-as-a-service (RaaS) group, in which a core of members handles the ransomware code, the blackmail demands, and the receipt of extortion payments.

The attacks themselves are coordinated by a loose “team” of affiliates who are recruited not for their malware coding abilities, but for their phishing, social engineering and network intrusion skills.

Affiliates typically seem to earn about 70% of any blackmail money that’s ultimately extorted by the gang from any victims they attack. They often attack at night, on weekends and on holidays.

The more completely a victim’s network gets derailed and disrupted, the more likely it is that they’ll end up paying to unlock their essential data and get the business operating again.

Relations between the core members of a RaaS gang and their affiliates sometimes become strained. We saw that more than a year ago, when there was a mutiny among the affiliates.

It appeared that at least some affiliates in the Conti ransomware scene were not being paid 70% of the actual ransom amount collected, but 70% of an imaginary but lower number reported to them by the core Conti gang members.

The U.S. has upped the ante once more, officially and publicly offering a reward of “up to $10 million” under the single-word headline “Conti”. The offer noted:

First detected in 2019, Conti ransomware has been used to conduct more than 1,000 ransomware operations targeting U.S. and international critical infrastructure, such as law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities. These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the United States.

Conti operators typically steal victims’ files and encrypt the servers and workstations in an effort to force a ransom payment from the victim. The ransom letter instructs victims to contact the actors through an online portal to complete the transaction. If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors. Ransom amounts vary widely, with some ransom demands being as high as $25 million.

The payment is available under a global US anti-crime and anti-terrorism initiative known as Rewards for Justice (RfJ), administered by the US Diplomatic Service on behalf of the US Department of State (the government body that many English-speaking countries refer to as “Foreign Affairs” or “the Foreign Ministry”).

The RfJ program dates back nearly 40 years, during which time it claims to have paid out about $250 million to more than 125 different people worldwide, which reflects mean average payouts of about $2,000,000 about three times each year.

Although this suggests that any individual whistleblower in the Conti saga is unlikely to rake in the whole $10 million on their own, there’s plenty of reward money there to be had.

This time, the US Department of State has expressed an explicit interest in five individuals, currently known only by their underground names: Dandis, Professor, Reshaev, Target, and Tramp.

Let’s hope the $10,000,000 takes some of the cybercriminals out of action.

Sharon D. Nelson, Esq., President
Sensei Enterprises, Inc.
3975 University Drive, Suite 225
Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson