A ransomware attack in May knocked out a pipeline that transports 45 percent of the petroleum consumed on the US East Coast. The Colonial Pipeline incident sparked panic purchasing and raised concerns about the threat presented by simple national infrastructure intrusions.
The US State Department is now offering a $10 million reward to anyone who can provide the “identity or location” of the leaders of the gang involved — DarkSide.
A reward of up to $5 million is being offered in addition to the $10 million bounty for information leading to the arrest or conviction of “any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.”
It’s unclear exactly what that entails. Is a “DarkSide variant ransomware incident” one that uses the cyber capabilities of the group? What if the software has been slightly modified? It appears to be purposefully unclear, allowing the State Department to cast a wide net.
The offer is the latest example of the United States’ use of monetary incentives to combat major cybercrime. The Rewards for Justice (RfJ) programme, which was founded in 1984 to combat international terrorism, is offering these prizes.
The US appears to believe that cybercriminals now deserve the same amount of attention, since the State Department began paying $10 million rewards through RfJ in July for information on anyone who engage in “malicious cyber activities against US critical infrastructure.”
The State Department’s latest bounty’s ambiguity stems from the shifting nature of hacking groups. These organisations can disband and reorganise as quickly as someone adopting a new login, but they frequently employ similar tactics and software that can be used to trace a common genealogy.
Following the Colonial Pipeline disaster, DarkSide, for example, suspended all operations. The incident appeared to catch the gang off guard, and they even made a formal apology for the “social consequences” of their actions.
Members of the gang may have just rebranded as an entity called BlackMatter, which resurfaced on the scene weeks after DarkSide vanished, carrying comparable weapons and methods, according to US cybersecurity specialists. The state department’s bounty is likely to apply to them as well.
