The U.S. Department of State is upping the ante in its fight against ransomware by offering a reward of up to $10 million for information that helps identify or track down leaders of the notorious DarkSide ransomware group.
The State Department said it’s also offering as much as $5 million for information that leads to the arrest or conviction of anyone ”conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.” This is likely a nod to the group’s affiliate program, in which members receive a custom variant of the DarkSide ransomware and receive a chunk of any ransom payment profits.
“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cybercriminals,” the State Department said. “The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware.”
The FBI's wanted poster for the DarkSide ransomware group. (Image Credits: FBI)
The State Department says it launched the bounty in the wake of DarkSide’s attack on Colonial Pipeline earlier this year, which led to the shutdown of a 5,500-mile pipeline that carries 45% of the fuel used on the U.S. east coast.
The group went dark shortly after its servers were hacked, and later rebranded as BlackMatter, which went on to attack Japanese technology giant Olympus in September and “multiple” organizations deemed critical infrastructure, including two companies in the U.S. food and agriculture sector. BlackMatter said this week that it was also ceasing operations due to pressure from law enforcement agencies.
The $10 million reward is being offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP), which it manages with federal law enforcement partners as part of the government’s effort to disrupt and dismantle international crime syndicates. The State Department noted that it had paid $135 million in rewards since it was created in 1986.
Jake Williams, CTO at BreachQuest, told TechCrunch that the State Department’s bumper reward will cause ripples far beyond DarkSide: “With rewards this large, there’s a substantial incentive for these criminals to turn on one another. Perhaps more importantly than the specific impacts to DarkSide, this action undermines trust across the ransomware as a service affiliate model.
“This is especially good timing since it capitalizes on the recent REvil infiltration by law enforcement. The law enforcement action against REvil in July already caused significant trust issues among operators. This drives that wedge deeper and will extend far beyond DarkSide.”
This is the latest in a long line of efforts by the Biden administration to crack down on the growing ransomware threat. Most recently, the Treasury took steps to crack down on virtual currency exchanges by sanctioning Suex for its role in facilitating ransomware payments.