The U.S. Department of State announced a $10 million reward for information leading to the identification or location of any individuals holding a key leadership position in the Conti ransomware group.
The agency is also offering $5 million for information leading to the arrest or conviction of anyone conspiring to participate in or attempting to participate in a Conti variant ransomware incident.
Conti has been responsible for hundreds of ransomware attacks, including incidents targeting healthcare and first-responder networks. The group was also behind the attack that took out Ireland’s health service in May 2021, along with a recent incident impacting the Costa Rican government.
“In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cyber criminals,” said State Department officials.
HC3’s first-quarter ransomware trends
The Health Sector Cybersecurity Coordination Center, meanwhile, released a bulletin this month outlining recent ransomware trends in the healthcare sector, including some of the most frequent bad actors.
Conti was among the top ransomware-as-a-service groups affecting the industry in the first quarter of 2022, along with LockBit, SunCrypt, ALPHV/BlackCat and Hive – the latter of which the FBI recently called “exceptionally aggressive.”
The agency also noted that financially motivated groups are shifting to ransomware operations and that ransomware groups are increasingly leveraging legitimate tools such as AnyDesk, ScreenConnect, FileZilla and BitLocker during intrusions. It drew attention to what it called “living off the land” attacks, in which threat actors use what’s already available in the target environment instead of deploying custom tools and malware.
The agency recommended network segmentation, multifactor authentication and the use of a host firewall to restrict file-sharing communications, among other mitigation techniques. “The behavior-based approach that a modern security information and event management tool provides will be able to detect living-off-the-land techniques that signature-based detection cannot,” said HC3.
Microsoft ramps up cyber offerings
Microsoft announced this week that it was offering three new services aimed at helping organizations spot and respond to cyber incidents. The products include Microsoft Defender Experts for Hunting – through which Microsoft engineers will draw attention to issues in clients’ devices, Office 365 software installations, cloud applications and identity programs – and Microsoft Defender Experts for XDR, which helps companies take action on threats with the assistance of Microsoft employees.
The third tool, Microsoft Security Services for Enterprise, involves bringing in dedicated experts to help manage onboarding, advisory services, managed detection and response, and recovery.
“We’re just expanding the scale because of the demands we are seeing,” Vasu Jakkal, a Microsoft corporate vice president focused on security, compliance, identity, management and privacy, told CNBC.