The federal government has upped the ante in its fight against ransomware by offering a $10 million reward for information leading to the identification or location of leaders of the DarkSide ransomware group.
The U.S. Department of State unveiled the reward on Thursday, adding a $5 million reward for for information that leads to the arrest and conviction of individuals participating in a DarkSide attack.
The news comes on the heels of an announcement by BlackMatter, a derivative of the now shuttered ransomware gang DarkSide, which said it would also be ceasing operations due to increased pressure from international law enforcement agencies.
Critical Infrastructure Under Attack
DarkSide is perhaps best known for its highly disruptive attack on Colonial Pipeline in May, which created upheaval in fuel supplies on the U.S. East Coast as people began hoarding gas on the eve of Memorial Day weekend. The group is also believed to have been behind a ransomware attack against Toshiba.
Both groups’ focus on critical infrastructure is what has raised the hackles of international law-enforcement to a critical boiling point. BlackMatter, which emerged in July, targeted two U.S. agricultural cooperatives in the United States in one week in September alone–Iowa-based farmers feed and grain cooperative NEW Cooperative and Minnesota-based supply and grain marketing cooperative Crystal Valley.
These attacks demonstrate a disregard of President Joe Biden’s call for international leaders to shut down ransomware groups. Increased pressures, according to officials, have only sent criminals scurrying deeper into the shadows.
There has been a measure of success. The servers from the prolific ransomware group, REvil, went dark days after Biden asked for international action by countries such as Russia.
U.S. Hopes to Spur Global Ransomware Crackdown
“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals,” the Department of State said in its release.
The department is offering the reward under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP), which it manages with federal law enforcement partners as part of the government’s effort to disrupt and dismantle international crime syndicates.
International authorities already have made significant progress in apprehending those responsible for ransomware. Just last week Europol apprehended 12 individuals allegedly responsible for “wreaking havoc across the world with ransomware attacks against critical infrastructure,” according to an agency press release. In fact, it’s those arrests are what caused BlackMatter to shut down.
Early last month Interpol arrested members of a ransomware gang believed to be REvil in Ukraine, with investigators in Germany revealing the identity of the group’s leader shortly after in an effort to nab him as well.
Sweetening the Deal
The reward offered by Department of State should serve to bolster these law-enforcement efforts, according to security professionals. Jake Williams, co-founder and CTO at incident response firm BreachQuest, even noted that offering financial incentive to capture ransomware criminals is “long overdue.”
The reward also capitalizes on the ransomware as a service (RaaS) crime model that many ransomware groups—DarkSide/BlackMatter included–use to tap affiliates to carry out their activities, he added.
“As ransomware operators have adopted an affiliate model for operations, the number of people they must place trust in, even at arm’s length, has increased dramatically,” Williams said in an e-mail to Threatpost. “With rewards this large, there’s a substantial incentive for these criminals to turn on one another.”
Several professionals compared the $10 million bounty to the $25 million that the United States offered to help authorities track down Al-Qaeda terrorist leader Osama bin Laden, noting that the sizeable sum shows commitment on their part.
“It does illustrate how important this information might be, especially since the incentive is enough that it potentially turns friends into foes,” said Sean Nikkel, senior cyber threat intel analyst at digital risk protection firm Digital Shadows, in an email to Threatpost.
Indeed, federal incentive from governments could be a crucial step into spurring the international crime-fighting effort needed to shut down ransomware gangs for good, noted another security professional.
“Bounties encourage collaboration and intelligence sharing, which increases jeopardy for the attacker and may cause them to think again,” Danny Lopez, CEO for security firm Glasswall, said in an email to Threatpost.
Want to win back control of the flimsy passwords standing between your network and the next cyberattack? Join Darren James, head of internal IT at Specops, and Roger Grimes, data-driven defense evangelist at KnowBe4, to find out how during a free, LIVE Threatpost event, “Password Reset: Claiming Control of Credentials to Stop Attacks,” on Wed., Nov. 17 at 2 p.m. ET. Sponsored by Specops.