US announces $10m reward for the heads of DarkSide’s leaders


The US State Department has announced a reward of up to $10 million for anyone who can help identify or track down the leaders of the notorious DarkSide ransomware group.

The department has also announced an additional $5 million reward for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in ransomware incidents involving the DarkSide variant.

“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals,” said U.S. Department of State spokesperson, Ned Price. “The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organisations affected by ransomware.”

The DarkSide group was responsible for the ransomware attack against Colonial Pipeline earlier this year. The attack led to the shutting down of a 5,500-mile pipeline that carries 45% of the fuel to the U.S. east coast. The company paid $5 million to the DarkSide ransomware group to restore operations within hours after the ransomware attack paralysed fuel supplies.

Soon after, on 13th May, the cybercrime group shut down their site on the Dark Web and emptied their Bitcoin wallet containing over $90 million that they accrued from their ransomware attacks, averaging approximately $1.9 million ransom paid per victim.

The group soon resurfaced, named themselves BlackMatter, and attacked Japanese technology giant Olympus in September, along with several organisations deemed critical infrastructure, including two companies in the U.S. food and agriculture sector.

The distributors of the BlackMatter ransomware recently announced plans to shut down operations due to immense pressure from authorities and recent law enforcement operations. On 1st November, security research group vx-underground tweeted a screenshot of the message posted on the group's Ransomware-as-a-Service (RaaS) portal, warning affiliates that the group will shut operations within 48 hours.

The $10 million reward is offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP). The Department, along with its federal law enforcement partners, manages the TOCRP as part of the government’s effort to disrupt and dismantle international crime syndicates.

Commenting on the reward offered by the US, Danny Lopez, CEO, Glasswall told Teiss, “Financial incentive from government entities could be a crucial step in combating the wave of ransomware attacks from DarkSide and related groups. Bounties encourage collaboration and intelligence sharing, which increases jeopardy for the attacker and may cause them to think again.

“This latest policy move, plus the administration’s earlier executive orders (EOs) on the subject, show that federal cyber leaders are pushing for a more secure future for the U.S. Previous EOs have emphasized the importance of stronger multi-factor authentication and encryption, which we applaud. These are critical elements in an effective cybersecurity stack, but an overarching zero-trust approach will take businesses’, government agencies, and critical infrastructure organisations’ proactive protection to the next level,” he added.


Copyright Lyonsdown Limited 2021
