A US$10m bounty goes to informants who can provide actionable leads toward the arrest of the ransomware threat actors

In the first four months of 2022, Check Point Research (CPR) reported that, on average, one out of every 60 organizations served by its solutions globally had been impacted by an attempted ransomware attack every week: a 14% increase YoY.

The most recent attacks were in Costa Rica and Peru, reportedly launched by the infamous Conti ransomware gang.

Costa Rica had declared a national emergency after ransomware attacks led to a 672GB leak of data belonging to its government agencies. The Conti group had demanded a US$10m ransom, which the country declined to pay. The asking rate has since doubled to US$20m.

In Peru, the group had attacked the country’s intelligence agency and stolen 9.1GB of data. The Conti ransomware gang had also announced that they were “giving Peru a head start to look for them in their networks, despite the fact they refused to cooperate.”

To date, the US State Department has offered a reward of up to US$10m for information leading to the identification or location of individuals involved.

Conti in the major leagues
For a while, Conti was the face of ransomware, along with fellow gang REvil, until February this year, when 14 of the latter’s operatives were arrested by the Russian authorities. This has effectively left Conti in its position as a major league ransomware operation.

The Conti ransomware group was first seen in the wild in 2020 and is believed to be led by a Russia-based group. Since its emergence, it has been the perpetrator of multiple attacks against organizations worldwide.

Their modus operandi is to reveal their identity at the final stage of a successful intrusion into their victims’ networks. Initial intrusions can be performed using spear-phishing campaigns, stolen or weak credentials for RDP, or phone-based social engineering campaigns.

On February 25th, 2022, Conti released a statement pledging full support for the Russian government, coupled with a stern warning addressed to anyone who was considering retaliating against Russia via digital warfare.

According to Maya Horowitz, VP of Research, Check Point Software Technologies, Conti has become much more aggressive since the beginning of the Russia/Ukraine war. “The recent attacks by Conti are in line with what we have been saying for some time—ransomware attacks are on the rise, and they are rising to the point where countries are getting paralyzed. Governments and organizations simply can’t afford to settle for second-best security anymore.”