The US government has for the first time revealed the identity of a person it believes to be a key member of one of the most prolific ransomware groups around.
A photo of the individual accompanies a new $10m reward put out by the State Department’s Rewards for Justice program, for information leading to the identification or location of members of the Conti group.
The reward lists the aliases of five suspected associates of the group: “Target,” “Reshaev,” “Professor,” “Tramp,” and “Dandis.” The US government believes the individual in the photo is “Target.”
“Conti (also known as Wizard Spider), is a Russian government-linked ransomware-as-a-service (RaaS) group that has targeted US and Western critical infrastructure,” the notice reads.
“After Russian military forces invaded neighboring Ukraine in February 2022, Conti ransomware operators pledged support to the Russian government and threatened critical infrastructure organizations of countries perceived to carry out cyber-attacks or war against the Russian government.”
The State Department said the group first surfaced in 2019 and has targeted over 1000 victim organizations, including law enforcement agencies, emergency medical services, 911 dispatch centers, and local government.
Conti shut down its leak site earlier this year and appeared to disband following a major data leak which exposed all of its internal communications from over a year.
However, it’s believed that its members will either join other operations or rebrand, as many outfits do when media and law enforcement attention becomes too intense. The group had already effectively rebranded from Ryuk in 2020.
The leaks revealed the scale of the operation, claiming that the group spent $6m annually on salaries, tools and services. Analysts observing its Bitcoin address said it received over $2.7bn over the past few years, making it one of the most successful groups ever.
In May 2022, the US government offered a $10m reward for info on the lead Conti actors via the Department of State’s Transnational Organized Crime Rewards Program (TOCRP).