US Offers $15 Million for Information on Leaders and Developers of Conti Malware

US authorities are offering up to $15 million for information that will help to identify both the leaders and members of the Conti extortion group.

So, up to $10 million rewards can be received for information about the identities and any information on Conti leaders, and an additional $5 million for any information that leads to the arrest or conviction of members and partners of the group who are associated with Conti malware attacks.

Let me remind you that we also reported that Experts Analyzed a New Sample of Malware and Confirmed the REvil Return.

According to an official statement from the US State Department, Conti is considered one of the most “profitable” ransomware of recent times: it has now attacked more than 1,000 victims, who in total paid ransoms worth more than $ 150 million to hackers.

Let me remind you that Conti is one of the most active groups operating under the Ransomware-as-a-Service scheme (“ransomware-as-a-service”, RaaS). Experts associate it with the Russian-speaking group Wizard Spider (also known for other malware, including Ryuk, TrickBot and BazarLoader).

Costa Rica has become one of the latest victims of Conti: at the end of last week, the newly elected president of the country, Rodrigo Chavez, was forced to declare a state of emergency due to Conti’s attack on a number of government agencies.

Bleeping Computer reported that a 672 GB dump was published on the “leak site” Conti, allegedly containing information stolen from government agencies in Costa Rica.

The hack appears to have affected at least the Treasury Department, which has yet to fully assessed the scope of the incident and its impact on taxpayer data, payments, and customs systems. According to media reports, the hackers demanded a $10 million ransom from the Treasury, but the government refused to pay. At the same time, almost all digital services of the Ministry of Finance of Costa Rica have been unavailable since April 18.

The Conti website also lists the following departments allegedly affected by the attack:

1. Ministry of Finance of Costa Rica (Ministryio de Hacienda);
2. Ministry of Labor and Social Security (MTSS);
3. Social Development and Family Allowance Fund (FODESAF);
4. Intercollegiate Headquarters of Alajuela (SIUA).

According to media reports, other departments and organizations of the country also suffered from the large-scale Conti attack, including:

1. Administrative Council of the Electrical Service of the Province of Cartago (Jasec);
2. Ministry of Science, Innovation, Technology and Communications;
3. National Meteorological Institute (IMN);
4. Radiographic Costarricense (RACSA);
5. Costa Rican Social Security Fund (CCSS).