US offers $15m reward for info on Conti group behind HSE cyberattack

9 May 2022

Image: © Sergey Novikov/Stock.adobe.com

Believed to be based in Russia, the ransomware group being targeted by the US has made more than $150m in payouts from victims.

The US Department of State is offering up to $15m as a reward for information on the group behind the Conti ransomware that was used to target Ireland’s national health service last year.

This includes a $10m reward for any info that leads to the identification or location of individuals holding key leadership positions in the organised crime group behind Conti, as well as a $5m reward for any info leading to the arrest of anyone conspiring or attempting to participate in a Conti attack.

First observed in 2020, the Conti ransomware has been linked to a group believed to be based near St Petersburg, Russia, and has been responsible for hundreds of cyberattacks in the past two years.

In May 2021, the Conti group was behind the HSE ransomware incident that saw more than 80pc of the IT infrastructure of healthcare services across Ireland impacted in what was said to be the most serious cyberattack ever to hit the State’s critical infrastructure.

Even though Ireland did not pay the group a ransom, the hackers behind Conti made money elsewhere. The FBI estimates that as of January 2022, there had been more than 1,000 victims of attacks associated with Conti ransomware, with victim payouts exceeding $150m.

The US Department of State, which announced the rewards for information last Friday (6 May), said that this makes the Conti ransomware variant the “costliest strain of ransomware” ever documented.

“In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cybercriminals,” a statement read. “We look to partner with nations willing to bring justice for those victims affected by ransomware.”

Most recently, the group behind Conti perpetrated a ransomware incident against the government of Costa Rica that severely impacted the country’s foreign trade by disrupting its customs and taxes platforms. Costa Rica declared a state of national emergency yesterday (8 May) as a result.

In the immediate aftermath of Russia’s invasion of Ukraine earlier this year, a Ukrainian researcher took the cybersecurity world by storm after publishing more than 60,000 internal messages of the Conti group.

According to BleepingComputer.com, he was angered by a blogpost made by the hacker group declaring its allegiance to Russia and accessed the back-end of Conti’s XMPP chat server and extracted 60,694 internal messages of the group between January 2021 and February 2022 – potentially providing vital information for investigations.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic

editorial@siliconrepublic.com