The U.S. Department of State is offering a reward of up to $10 million for information leading to the identification or location of the leaders behind the DarkSide ransomware. The bounty announced on Thursday is the latest effort by the U.S. government to crack down on ransomware actors, after several high-profile cyber attacks this year.
The department will also pay out up to $5 million for information leading to the arrest or conviction of individuals - in any country - participating in a DarkSide ransomware attack. The DarkSide ransomware group was behind the May ransomware attack on the Colonial Pipeline, a 5,500-mile pipeline that carries 45 percent of the fuel used in the U.S. East Coast, which led to the company temporarily shutting down the pipeline.
“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals,” said Ned Price, a spokesperson with the department, on Thursday. “The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware.”
On the heels of the Colonial Pipeline attack, the U.S. government has looked at ways to tighten critical infrastructure security. An executive order by the Biden administration earlier this year aimed to tackle overarching issues plaguing the U.S. government, from supply-chain security to outdated security models.
“It’s encouraging to see more and more U.S. government agencies step in to fight ransomware,” said John Hultquist, VP of intelligence analysis with Mandiant. “For ransomware services, the pressure is increasing and while ransomware isn’t going to go away tomorrow, we can expect disruption to some actors and maybe even a change in the way some do business.”
“For ransomware services, the pressure is increasing and while ransomware isn’t going to go away tomorrow, we can expect disruption to some actors and maybe even a change in the way some do business.”
DarkSide, which first emerged in August 2020, is a ransomware-as-a-service operation, meaning that affiliates on underground forums are used to deliver the malware. The DarkSide group claimed it was shutting down operations in May, after the Colonial Pipeline attack led to attention from the FBI and the White House. Since then, security researchers have theorized the BlackMatter ransomware group is a partial reincarnation of DarkSide. This week BlackMatter claimed that it has decided to cease operations, saying that some of its members are “no longer available.”
This reward is offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP), a program established in 2013 that gives the Secretary of State statutory the ability to offer rewards of up to $25 million for information leading to the arrest or conviction in any country of those participating in transnational organized crime.
The program has been leveraged to offer bounties for other cybercriminals over the years. In 2019, a reward of $5 million was offered for information leading to the arrest of Maksim Viktorovich Yakubets, the alleged leader of the Evil Corp cybercrime group. In 2020, the Department of State announced $1 million bounties for information leading to the arrest of Ukrainian nationals Artem Viacheslavovich Radchenko and Oleksandr Vitalyevich Ieremenko, who allegedly hacked the Securities and Exchange Commission (SEC) in 2016.
At the same time, other law enforcement efforts are being carried out against cybercriminals globally, including an operation announced last week that involved authorities from several countries and led to the arrest of 12 individuals linked to ransomware attacks.