Rewards for Justice is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).
Malicious cyber actors known by their online aliases of “Target,” “Reshaev,” “Professor,” “Tramp,” and “Dandis” are believed to be linked to the Conti ransomware group.
Conti (also known as Wizard Spider), is a Russian government-linked ransomware-as-a-service (RaaS) group that has targeted U.S. and Western critical infrastructure. After Russian military forces invaded neighboring Ukraine in February 2022, Conti ransomware operators pledged support to the Russian government and threatened critical infrastructure organizations of countries perceived to carry out cyberattacks or war against the Russian government.
First detected in 2019, Conti ransomware has been used to conduct more than 1,000 ransomware operations targeting U.S. and international critical infrastructure, such as law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities. These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the United States.
Conti operators typically steal victims’ files and encrypt the servers and workstations in an effort to force a ransom payment from the victim. The ransom letter instructs victims to contact the actors through an online portal to complete the transaction. If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors. Ransom amounts vary widely, with some ransom demands being as high as $25 million.
Anyone with information on the malicious cyber activity of the cyber threat actors known as “Target,” “Reshaev,” “Professor,” “Tramp,” and “Dandis” should contact Rewards for Justice via the Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required).