For the first time, the United States has identified a potential member of the renowned Russian
ransomware group Conti. The US Rewards for Justice (RFJ) is offering 10 million dollars for
information that would help identify and locate the person known as “Target”.
Conti is well known for waging terror on US soil and abroad. In May 2021, they paralyzed the
better part of Ireland’s healthcare system. Such attacks place Conti among the very worst of
ransomware gangs. Although criminal by nature, some ransomware gangs specifically avoid
targeting hospitals, schools, and governments.
Conti went in the other direction. Their last attack, on Costa Rica’s government, plunged the
country’s healthcare system into chaos. Costa Rica declared a state of emergency and postponed
more than 30,000 medical appointments.
According to Advintel, this last attack was nothing but a publicity stunt. It looks like the RaaS
(Ransomware as a Service) group is restructuring. Most ransomware gangs are apolitical. But
Conti has declared full support for Russia’s invasion of neighboring Ukraine. This did not sit
well within the group, and one of its members leaked their confidential chats online. After that –
and its last operation in Costa Rica – Conti ceased all operations.
Russia is known to host multiple ransomware gangs. Trickbot and REvil both have proven ties to
Russia. Meanwhile, the US has put enormous effort into identifying and stopping these
criminals. If you have any information regarding Conti’s “Target” member, here’s a link to where
to submit it.
What is Ransomware?
Ransomware is a type of malware that infects devices and encrypts their data. After that, two
scenarios may follow – victims are threatened with the exposure of their confidential data, or the
data is held for ransom, with access granted upon payment.
Ransomware has become more popular and devastating in the last couple of years. Among its
victims are such renowned names as Apple, Kia Motors, CD PROJEKT, and Colonial Pipeline.
Ransomware is particularly damaging because it can immediately halt all operations. For
example, Ireland’s healthcare attack stopped visits and postponed operations. The medical staff
simply had nothing to work with because patients’ medical history was irretrievably encrypted.
In 2020, Germany announced the first death due to a ransomware attack.
Ransomware has to be handled with the utmost seriousness. The first step should be a
professional cybersecurity department responsible for network security and real-time risk
management. But below, we have also gathered several helpful tips anybody can follow.
How to prevent ransomware
Do not open suspicious emails. To encrypt data, ransomware must gain access to the targeted
device. Infections are often spread via fraudulent emails. Do not download any suspicious
attachments and verify the sender’s address is correct before clicking on any links. If you hover
your mouse over a link, you will see the full address. If it differs from what you see in the email,
it may lead to an infected website.
Use a VPN. Since so many people use public Wi-Fi networks, cybercriminals often target them.
It’s best to use a Virtual Private Network (VPN) when connecting to public Wi-Fi. A VPN
reroutes your online traffic through its secure servers. If you don’t want to spend any money on
it, you can use a VPN free trial if you know you’ll be using public Wi-Fi.
Take care of your passwords. Passwords are still an important issue. The Colonial Pipeline
attack that cost nearly $5 million happened because of a compromised password. Do not ever use
the same password twice. Don’t use easy-to-guess passwords that contain personal information.
And be sure to enable multi-factor authentication when possible.