Ransomware is one of the major security threats faced by organizations around the world. Particularly in the U.S., it has turned into a national security risk as cybercriminals target critical elements of the country’s infrastructure.
On Nov. 4, the U.S. State Department announced that it will be offering a reward of up to US$10 million for any information that could assist in the “identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group.”
The State Department also included a bounty of $5 million for any intel or tip-off that could potentially lead to the arrest or conviction in any country of anyone who is plotting or trying to engage in an attack by employing DarkSide’s ransomware.
The government’s decision to raise stakes in its fight against DarkSide comes after the infamous ransomware group managed to disrupt one of the major fuel pipelines in the country.
A cyberattack on the Colonial Pipeline in May 2021 led to a shutdown in operations for several days, resulting in fuel shortages, panic buying, and a hike in prices. The 5,500-mile (8,851 km) pipeline carries approximately 45 percent of the fuel used on the U.S. east coast.
Joseph Blount, CEO of Colonial Pipeline, revealed in an interview with The Wall Street Journal that the company paid a ransom of nearly $4.4 million in bitcoin to regain access to its systems. The Justice Department later managed to recover approximately $2.3 million after identifying the criminals’ virtual currency wallet.
Repercussions of the attack saw the White House intensify surveillance on DarkSide. The hacking group lost control of its servers following an inexplicable cyberattack. It then tried to make a comeback in July by rebranding itself as BlackMatter.
In September alone, it targeted two U.S. agricultural cooperatives: Iowa-based New Cooperative and Minnesota-based Crystal Valley.
However, BlackMatter said recently that it would be shutting shop following heightened pressure from officials in law enforcement. The group also lost some of its members.
According to security experts, the reward offered by the State Department should help boost law enforcement efforts. Jake Williams, CTO at BreachQuest, wrote in an email to Threatpost, “As ransomware operators have adopted an affiliate model for operations, the number of people they must place trust in, even at arm’s length, has increased dramatically… With rewards this large, there’s a substantial incentive for these criminals to turn on one another.”
Brett Callow, threat analyst at Emsisoft, told ZDNet that the State Department reward is a “very smart move.” Cybercriminals will “happily throw each other under the bus” provided the right amount of cash is offered. The reward can breed “even more distrust” among these cyber criminals, making it difficult for such gangs to operate.
The $10 million reward is by far the largest amount ever offered for the arrest of a cyber criminal. Maksim Yakubets, kingpin of another ransomware group called Evil Corp, previously held that record.
“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals. The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware,” the State Department said.
The department’s Transnational Organized Crime Rewards Program (TOCRP) will be presenting the $10 million reward. To date, the department has shelled out more than $135 million. More than 75 transnational criminals and major narcotics traffickers have been nabbed under the TOCRP and Narcotics Rewards Program (NRP) since 1986.