A ransomware assault in May knocked off a pipeline that transports 45 percent of the petroleum consumed on the US East Coast. The Colonial Pipeline incident sparked panic purchasing and raised concerns about the threat presented by simple national infrastructure intrusions. The US State Department is now offering a $10 million reward to anybody who can provide the “name or whereabouts” of the leaders of the gang involved — DarkSide.
A reward of up to $5 million is being offered in addition to the $10 million bounty for information leading to the arrest or conviction of “any anyone plotting to engage in or trying to participate in a DarkSide variant ransomware outbreak.” It’s unclear exactly what that entails. Is a “DarkSide variant ransomware event” one that uses the cyber capabilities of the group? What if the program has been slightly modified? It appears to be purposefully unclear, allowing the State Department to cast a wide net.
The offer is the latest example of the United States’ use of monetary incentives to combat major cybercrime. The Rewards for Justice (RfJ) program, which was founded in 1984 to combat international terrorism, is offering these prizes. The US appears to believe that cybercriminals now deserve the same amount of attention, since the State Department began paying $10 million rewards through RfJ in July for information on anyone who engage in “malicious cyber actions against US vital infrastructure.”
The State Department’s newest bounty’s ambiguity stems from the shifting nature of hacking groups. These organizations can disband and reorganize as quickly as someone adopting a new login, but they frequently employ similar tactics and software that can be used to trace a common genealogy.
Following the Colonial Pipeline disaster, DarkSide, for example, suspended all operations. The incident appeared to catch the gang off guard, and they even made a formal apology for the “social implications” of their actions. Members of the gang may have just rebranded as an entity called BlackMatter, which resurfaced on the scene weeks after DarkSide vanished, carrying comparable weapons and methods, according to US cybersecurity specialists. The state department’s reward is likely to apply to them as well.