The State Department on Thursday announced two multimillion-dollar rewards for information pertaining to DarkSide, the hacking group the FBI has blamed for the Colonial Pipeline attack earlier this year.


What You Need To Know

  • The State Department is offering up to $10 million for information leading to the location or identification of any individual who holds a “key leadership position” in the hacking group DarkSide 

  • There is also a reward of up to $5 million for information that leads to the arrest or conviction of any individual in any country who participated in or attempted to participate in a DarkSide hacking campaign

  • The FBI has blamed DarkSide for the Colonial Pipeline ransomware attack earlier this year; officials believe DarkSide is based in Russia, and is likely one of many cybercrime units operating out of the country

  • The monetary incentives announced Thursday come as the Biden administration increasingly cracks down on malicious hackers and cybersecurity weaknesses nationwide

The department is offering up to $10 million for information leading to the location or identification of any individual who holds a “key leadership position” in DarkSide. 

The department is also offering up to $5 million for information that leads to the arrest or conviction of any individual in any country who participated in or attempted to participate in a DarkSide hacking campaign. 

“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals,” officials wrote in a statement. “The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware.” 

The monetary incentives come as the Biden administration increasingly cracks down on malicious hackers and cybersecurity weaknesses nationwide. 

Though not a new phenomenon, ransomware attacks — in which hackers lock up and encrypt data and demand often-exorbitant sums to release it to victims — have exploded in the last year with breaches affecting vital infrastructure and global corporations.

The Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, paid more than $4 million after a May attack that led it to halt operations, though the Justice Department clawed the majority of it back by gaining access to the cryptocurrency wallet of the culprits.

Officials believe DarkSide is based in Russia, and it is likely one of many cybercrime units operating out of the country. 

According to a report published in October, Russia made up 58% of the hacking detected by Microsoft over the course of the past year. The groups mostly targeted government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said.

Of the identified Russian-backed hacking groups, one of the more prolific is Cozy Bear, which Microsoft calls Nobelium. 

The group was behind the SolarWinds hack, which went undetected for most of 2020 and whose discovery badly embarrassed Washington. Among the badly compromised U.S. government agencies was the Department of Justice, from which the Russian cyber spies exfiltrated 80% of the email accounts used by the U.S. attorneys’ offices in New York.

In an interview with the Associated Press this week, Deputy Attorney General Lisa Monaco said the U.S. continues to endure a “steady drumbeat” of attacks despite President Joe Biden’s admonitions last summer to Russian counterpart Vladimir Putin. 

Monaco said that “in the days and weeks to come, you’re going to see more arrests,” more seizures of ransom payments to hackers and additional law enforcement operations.

“If you come for us, we’re going to come for you,” Monaco added. She declined to offer specifics about who in particular might face prosecution.