The US Department of State announced on Saturday they are offering up to $10 million for information leading to the identification and/or location of anyone in a leadership position in the Conti ransomware gang. Additionally, they are offering $5 million for information leading to the arrest of anyone conspiring or participating in a Conti ransomware incident. The FBI estimates the Conti ransomware gang has extorted victims for over $150 million making them one of the most profitable cyber-criminal organizations. The reward is offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP). The State Department has offered similar rewards in the past for information on REvil and Darkside threat groups.
Ransomware incidents continue to be a huge issue for organizations across the globe. US law enforcement agencies continue to work in close coordination as part of a whole of government effort to disrupt and dismantle transnational organized cybercrime. Organizations should still take proactive measures to ensure they are protected from ransomware. To protect against ransomware attacks, organizations should:
• Regularly back up data, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
• Install updates/patch operating systems, software, and firmware as soon as practical after they are released.
• Implement monitoring of security events on employee workstations and servers, with a 24/7 Security Operations Center to detect threats and respond quickly.
• Use multifactor authentication where possible.
• Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes.
• Focus on cyber security awareness and training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.