The U.S. government is starting to more aggressively apply many of the same tactics used to take down organized crime families to cybercriminal gangs that now operate around the world. The United States is now offering a $15 million reward for information on the Conti ransomware group based in Russia. The reward consists of $10 million for the identification or location of leaders of the group, along with $5 million for information that results in the arrest of anyone conspiring with Conti.
The FBI estimates that more than 1,000 victims of the Conti group have paid a total in excess of $150 million in ransomware payments. It is also assumed to be responsible for striking 16 medical and first-responder networks in the United States and for an attack on the tax and customs platforms used by the government of Costa Rica.
The focus on Conti is, of course, directly related to events in Ukraine. The group promised to launch attacks against entities if they assisted Ukraine in its ability to resist the Russian invasion. In some respects, that invasion has allowed law enforcement officials to take the proverbial gloves off because there is not nearly as much concern about causing an international incident should the U.S. government one day arrest a member of Conti who might be a Russian national. Of course, such as arrest would have to occur in a country that has an extradition treaty in place with the United States.
The U.S. is in effect relying on a tried-and-true tactic of rewarding informers for providing information on criminal gang activity. Honor among thieves only goes so far when millions of dollars are being made available for information that authorities seek. They may be risking their lives to provide information, but the temptation to make money at the expense of someone who may be a rival is often too great to ignore.
Of course, none of this information may lead to arrests, but it should help authorities disrupt the operations of cybercriminal gangs. Armed with the insights provided by informers, it becomes more feasible to, for example, reclaim ill-gotten gains wherever they may be hidden. Forensics experts are already tracking down the financial assets of a wide range of individuals that are suspected of aiding and abetting cybercriminals.
How cybercriminals might fight back
The challenge, of course, is these tactics are not limited to the good guys. Criminals have been bribing law enforcement officials to look the other way for as long as there have been laws. They are also not above collecting embarrassing information that they then use to force others to do their bidding, including IT and security professionals. From the criminal’s perspective, it’s all fair game.
In the months and years ahead, cybersecurity will become much more of a game of spy-versus-spy than it already is. The difference is that rather than being content to programmatically infiltrate IT environments from afar, the chances are good cybercriminals will increase their efforts to put someone on the inside that has direct access to sensitive data that is worth a lot more than any potential risk of getting caught.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.