An official website of the United States Government Here's how you know

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Conti Ransomware: Reward Poster (Accessible – English) [168 KB]
Conti Ransomware: Reward Poster (English)
Conti Ransomware: Reward Poster (Spanish) [404 KB]
Conti Ransomware: Reward Poster (Russian) [344 KB]
Conti Ransomware: Reward Poster (Ukrainian) [485 KB]

For more information please see Reward Offers for Information to Bring Conti Ransomware Variant Co-Conspirators to Justice – United States Department of State

NAME: Conti Ransomware as a Service (RaaS)
NATIONALITY: Various (Unknown)
CITIZENSHIP: Various (Unknown)

The U.S. Department of State is offering a reward of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold a key leadership position in the Conti ransomware variant transnational organized crime group.  In addition, a reward of up to $5,000,000 is offered for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a Conti ransomware incident.

The Conti ransomware group has been responsible for hundreds of ransomware incidents over the past two years.  The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the most damaging strain of ransomware ever documented.  In April 2022 the group perpetrated a ransomware incident against the government of Costa Rica that severely impacted the country’s foreign trade by disrupting its customs and taxes platforms.

Ransomware is a type of malicious software, or malware, that prevents a user from accessing computer files, systems, or networks until a ransom is paid for their return.  Ransomware incidents can cause costly disruptions to operations and the loss of critical information and data.  The Conti ransomware operates as a service wherein the extortion profit is shared between the RaaS owners and their affiliates.  The affiliates are the entities or individuals who effectuate the computer intrusion and deploy the ransomware.  Each affiliate uses its own intrusion method and the group negotiates the terms of the ransom demands with the victim.

The FBI does not support the payment of a ransom in response to a ransomware incident; however, many victims do pay the ransom.  Paying ransom demands encourages more ransomware incidents and provides an incentive to become involved in this type of illegal activity.  If you are the victim of a ransomware incident, please visit

If you have information, please contact the FBI at +1-800-CALLFBI (225-5324) or via the Internet at  Subsequent communications can occur through the WhatsApp, Telegram, or Signal messaging applications- or any other application of the tipster’s choosing.  If you are located outside of the United States, please contact the nearest U.S. Embassy/Consulate.  If in the United States, please contact the local FBI office in your city.


Government officials and employees are not eligible for rewards.

U.S. Department of State

The Lessons of 1989: Freedom and Our Future