[Editorial Note: In an effort at brevity, speed to post and clarity, this post is a compilation of the official State Department Press Statement and coverage by The Record].
The Conti ransomware group has targeted over a thousand organizations, extorting over $150 million in ransoms. Today @StateDept is offering rewards for information on Conti leadership and its affiliates. https://t.co/0RFkLKgK3U
— Matthew Miller (@StateDeptSpox) May 6, 2022
From The Record:
The U.S. State Department is offering $10 million for any information that leads to the identification or location of people connected to the notorious Conti ransomware gang.
An additional $5 million reward is also being offered for any information that leads to the arrest or conviction of a Conti member.
In a statement on Friday, State Department spokesman Ned Price said the group has been behind hundreds of ransomware attacks over the last two years.
“The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented,” Price said.
The memo also notes that the group has recently claimed credit for a wide-ranging ransomware attack that targeted the government of Costa Rica as it transitioned to a new president. The attack crippled the country’s customs and taxes platforms alongside several other government agencies. The attack even brought down one Costa Rican town’s energy supplier.
Conti attacked Ireland’s Health Service Executive in May 2021, causing weeks of disruption at the country’s hospitals. Ireland refused to pay the $20 million ransom and now estimates it may end up spending $100 million recovering from the attack.
Irish Minister of State Ossian Smyth said it was “possibly the most significant cybercrime attack on the Irish State.”
The group similarly crippled dozens of hospitals in New Zealand and made a point of going after U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year, according to the FBI.
The group has suffered several internal breaches over the years, the most notable of which occurred in February after it expressed public support for Russia’s invasion of Ukraine.
Within days of the message, the gang’s internal Jabber/XMPP server – which carried their private messaging channel – was hacked, and two years of the group’s chat logs appeared on a new Twitter handle called @ContiLeaks.
The leaks revealed the group’s inner workings and illustrated the way they chose their targets.
The embarrassment from the leaks did little to slow the group down. On Wednesday, they added New York-based architecture firm EYP to their list of victims.
The State Department in November offered a $10 million reward for any information that may lead to the identification and/or arrest of members of the Darkside ransomware group as well as the operators behind the REvil (Sodinokibi) group.
It should go without saying that tracking threats is critical to inform your actions. This includes reading our OODA Daily Pulse, which will give you insights into the nature of the threat and risks to business operations.