A ransomware attack in May shut down a pipeline that carried 45 percent of the US East Coast's fuel. The Colonial Pipeline incident led to panic buying and heightened fears about simple hacks against national infrastructure. The US State Department now offers a bounty of up to $10 million to anyone who can identify the leader of DarkSide, the outfit responsible for the attack on the Colonial Pipeline.
The State Department will also offer a $5 million reward for information leading to the arrest or conviction of anyone who conspires to participate in, attempts to participate in, or participates in DarkSide variant ransomware incidents. What counts as a DarkSide variant ransomware incident? One that involves the group's hacking tools? What happens if the software is slightly altered? The wording appears deliberately vague, which allows the State Department to reach as many people as possible.
Bounties for fighting ransomware
This is just the latest example of the US using financial rewards to fight cybercrime. These bounties are provided under the Rewards for Justice program (RfJ), which was established in 1984 to combat international terrorism. US officials believe cybercriminals deserve the same attention. In July, the State Department offered bounties of up to $10,000,000 through RfJ to anyone who provides information about individuals involved in malicious cyber activity against US critical infrastructure.
(For anyone interested, the State Department has a Tor-based tip line, accessible at he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion. This URL will not work with regular browsers such as Chrome or Firefox.)
The ambiguity of the State Department's new bounty reflects the fluid nature of hacking groups. Although these outfits can change their identities and dissolve, they often keep using the same methods and software, which makes it possible to trace a common lineage.
DarkSide stopped all activity following the Colonial Pipeline incident. The group appeared to be caught off guard by the scale of the attack and issued a formal apology for the negative social consequences. According to cybersecurity experts in the US, the group may have rebranded itself as BlackMatter, a similar outfit that appeared weeks after DarkSide disappeared from the radar. BlackMatter used similar tactics and tools, so its members will likely fall within the scope of the State Department's bounty.