Enlarge image
US government manhunt
Photo: US Department of State
It wasn't that long ago that it looked like one of the internet's most notorious extortionist groups tripped themselves up.
On February 25, the day after the start of the Russian invasion of Ukraine, Conti published a patriotic message: "The Conti team officially announces its full support of the Russian government.
If anyone decides to engage in cyberattacks or warfare against Russia, we will use all our resources to attack the enemy's critical infrastructure."
The group did send a second message, claiming that it was "not an ally of any government."
But for an unknown person with sympathies for Ukraine, it was all apparently still too much.
On February 27, this individual began posting more than 60,000 chat messages from Conti members via Twitter, followed by technical specs and even pieces of the group's ransomware code.
Conti was disgraced - but not in the end, on the contrary.
For several weeks, the group has been blackmailing the government of an entire country: Costa Rica.
In mid-April, the health authority first announced that it had been infected by Contis malware, but it now seems clear that at least eight other authorities and institutions have been affected, including the finance and labor ministries.
They are named on Conti's leak page on the Tor network.
In addition, the criminals released 672 gigabytes of internal data from the authorities, as »Bleeping Computer« reports.
Ten million dollars ransom, ten million dollars bounty
Conti had initially demanded a ransom of ten million dollars, otherwise the attacks would continue.
However, the Costa Rican government is refusing to pay and on Sunday declared a national emergency.
"In order to be able to better defend ourselves," as President Rodrigo Chaves said.
It was one of his first acts, Chaves was sworn in on Sunday.
His country is not alone in fighting Conti.
Ten million dollars is also the bounty that the US government put on the leaders of Conti last Friday.
The State Department is offering "up to $10 million for information leading to the identification or location of key individuals," according to a statement.
There is an additional up to five million dollars "for information leading to the arrest and / or conviction in any country of persons who participated in or attempted Conti ransomware extortion".
The size of the rewards is not surprising, given the damage already done: According to the FBI, Conti has already found more than 1,000 victims and extorted the equivalent of more than $150 million, "making the Conti ransomware the most destructive ransomware variant ever documented became".
What's missing from the announcement is an explicit offer of traitors, as the US sometimes does.
At the end of April, US authorities also put a $10 million bounty on foreign, state-sponsored hackers who had attacked critical infrastructure in the US.
The statement said that "relocations and reward payments in cryptocurrencies" are conceivable for "suitable sources" - a barely veiled reference to members of corresponding criminal groups who rat on their colleagues and then want to flee abroad.
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/ME2T7R4475BYDHT2ASGCOZNAGQ.jpg)
