The US Department of State has upped the ante in the Biden administration’s ongoing battle against ransomware operators, announcing a reward of up to $10m (£7.4/€8.7m) for information leading to the identification and/or location of key members of the DarkSide syndicate.
The authorities are also offering a second bounty of up to $5m for information leading to the arrest and/or conviction of any affiliate conspiring to or attempting to conduct DarkSide ransomware attacks.
“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals,” the State Department said in a statement. “The United States looks to nations who harbour ransomware criminals that are willing to bring justice for those victim businesses and organisations affected by ransomware.”
The DarkSide crew, which emerged in 2020 and gained a small amount of notoriety after attempting to donate some of the profits from its crimes to charities, sprung to prominence in May 2021, after it held up CNI operator Colonial Pipeline, forcing the shutdown of a 5,500-mile oil pipeline and disrupting fuel supplies across the eastern US.
Likely realising that the scale of the Colonial Pipeline hit was attracting too much attention, DarkSide subsequently tried to distance itself from the incident and ultimately shut down its ransomware-as-a-service (RaaS) operation after parts of its infrastructure were seized and their bitcoin wallets emptied.
Nevertheless, the close-knit nature of the largely Russia-based ransomware underground suggests the key actors are almost certainly still active in some capacity.
The rewards are offered under an ongoing Transnational Organised Crime Rewards Programme, operated by the State Department alongside US law enforcement as part of the Americans’ “whole of government” approach to tackling organised crime.
ESET’s Jake Moore, himself a former cyber crime investigator for Dorset Police, said that while the scale of the reward on offer might encourage some people to come forward, it was still a long shot.
“Cyber crime groups often work in silos with remote capacities where they do not even know the true identities of their colleagues in order to reduce the risk of capture,” he said. “Many gangs operate online across the dark web to evade being detected.
“DarkSide is a very sophisticated and dangerous cyber criminal group that goes to extreme lengths to hide its tracks, or even not make any tracks to follow in the first place. When such tactics leave the FBI struggling to piece any clues together, it is not unheard of to start offering rewards.”
But ImmuniWeb’s Ilia Kolochenko said the State Department was making a smart move. “Many sophisticated threat actors use multi-layered anonymisation techniques that undermine all efforts to identify them by technical or scientific means,” he said. “Moreover, forensic procedures can be prohibitively expensive for underfunded law enforcement agencies.
“Nonetheless, cyber criminals are all humans. They are prone to the same human weaknesses as everybody else. They may accidentally disclose their illicit activities to friends or boast about hacking. Finally, rival hacking groups may know each other in person and perfidiously report their competitors to earn money and increase their market monopoly,” said Kolochenko.
“Therefore, starting a bug bounty to unmask cyber criminals is a great and long-awaited idea that will likely bring fruitful results. The process should be systemised and implemented in other countries as well.”
