US Offers $10m Reward to Unmask DarkSide Leaders
The US State Department has offered $10m to anyone able to help reveal the identity or location of “leaders” of the DarkSide ransomware group.
In a first for the government, the department also said it would offer $5m for information “leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.”
The group was most famously responsible for the Colonial Pipeline outage earlier this year, which forced gas prices up and led to fuel shortages up and down the US East Coast.
“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber-criminals,” the statement noted.
“The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware.”
The reward is being offered under the department’s Transnational Organized Crime Rewards Program (TOCRP), which has apparently paid out $135m and helped to bring over 75 criminals to justice since 1986.
Jake Williams, co-founder and CTO at BreachQuest, said the move was long overdue and would help to drive a wedge between threat actors, following news of disruption of the REvil group by law enforcement.
“As ransomware operators have adopted an affiliate model for operations, the number of people they must place trust in, even at arm’s length, has increased dramatically. With rewards this large, there’s a substantial incentive for these criminals to turn on one another,” he argued.
“Perhaps more importantly than the specific impacts to DarkSide, this action undermines trust across the ransomware as a service affiliate model.”
However, John Bambenek, principal threat hunter at Netenrich, was more pessimistic, arguing that even if a threat actor were unmasked, they would likely remain safe from US prosecutors if harbored somewhere like Russia.
“Absent a bounty hunter willing to travel to their jurisdiction, put their unconscious body in a bag and dumping it at the nearest US embassy, I doubt this will have much of an impact,” he claimed.
“To be fair, it certainly won’t hurt either. I just don’t expect to see any press conference with the secretary of state handing out a large, cardboard $10m check anytime soon.”