The U.S. Department of State offered up to $10 million in rewards Friday for information on the notorious Conti ransomware gang.
According to an announcement from State Department Spokesperson Ned Price, the reward is for information "leading to the identification and/or location of any individual(s) who hold a key leadership position in the Conti ransomware variant transnational organized crime group." In addition to the $10 million bounty, the department is offering an additional $5 million for information resulting in "the arrest and/or conviction of any individual in any country conspiring to participate in or attempting to participate in a Conti variant ransomware incident."
"The Conti ransomware group has been responsible for hundreds of ransomware incidents over the past two years," the statement read. "The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti ransomware variant the costliest strain of ransomware ever documented."
The bounty followed Conti's attack on the Costa Rican government in mid-April. The attack primarily affected the nation's Ministry of Finance, but there were impacts on other government agencies, including the Ministry of Science, Innovation, Technology and Telecommunications.
The U.S. and Costa Rica are trading partners, and Price's statement directly referenced both the attack and the attack's impact on Costa Rican trade.
"In April 2022, the group perpetrated a ransomware incident against the Government of Costa Rica that severely impacted the country's foreign trade by disrupting its customs and taxes platforms," Price said. "In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cyber criminals. We look to partner with nations willing to bring justice for those victims affected by ransomware."
Costa Rica President Rodrigo Chaves declared a national cybersecurity emergency on Sunday, the same day he took office. Shortly after the attack occurred in April, the government -- at the time led by former President Carlos Alvarado -- publicly declined to pay a $10 million ransom demand. In turn, Conti has leaked nearly all of the 672 GB of data stolen from the government.
The Conti ransomware variant was first detected in 2020. Though the Costa Rican government is almost certainly its most significant victim to date, Conti has attacked a number of big-game targets including data backup vendor ExaGrid last year.
The Conti gang gained new prominence in February for publicly declaring support for Russia shortly after its invasion of Ukraine. In its initial declaration Feb. 25, Conti threatened to use "all possible resources" to attack the critical infrastructure of those who would harm Russia. In a replacement message posted two days later, Conti used slightly softer and more defensive language while simultaneously calling out the U.S. directly.
Conti gained additional attention for the massive leak that followed said declaration. An anonymous security researcher, operating as "Conti Leaks" on Twitter, began leaking Conti source code, private communications and other documents in February, giving security vendors and threat analysts an unprecedented look at the inner workings of the ransomware gang.
SearchSecurity asked the U.S. State Department if Conti's declaration of support for Russia played a role in the bounty.
"We are supporting potential victims of ransomware around the world," a State Department spokesperson said. "Although the owners, operators, and affiliates of a ransomware service could be located in any country, investigators believe that many of the co-conspirators are living in Russia or other former Soviet countries."
Additionally, the spokesperson said that announcing the reward with the Costa Rican government signaled a "commitment of the United States to support its allies against the leaders and affiliates of the Conti ransomware variant group."
Alexander Culafi is a writer, journalist and podcaster based in Boston.