The U.S. Department of State is offering a reward of up to $10 million for information leading to identifying or locating any individuals who hold key leadership positions in the DarkSide ransomware gang.

In addition, the State Department is also offering a reward of up to $5 million for information leading to the arrested or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide ransomware incident. The latter is presumably referring to DarkSide affiliates who use DarkSide’s code to undertake ransomware attacks.

The State Department attributed the DarkSide ransomware gang for the attack on Colonial Pipeline Co. in May. The gang announced that it was shutting down the same month.

A successor group to DarkSide that uses the same code called BlackMatter announced yesterday that it was shutting down. Notably, the reason given for BlackMatter shutting down was increased pressure from authorities, with members of the gang possibly having been arrested in Ukraine and Switzerland.

“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cybercriminals,” the State Department said. “The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware.”

The reward is being offered under the Department of State’s Transnational Organized Crime Rewards Program.

“The U.S. government’s $10 million reward for DarkSide leaders demonstrates the ability of ransomware to cripple global supply chains and grind business productivity to a halt,” Neil Jones, cybersecurity evangelist at cloud backup company Egnyte Inc., told SiliconANGLE. “To put the size of that reward into perspective, the United States offered a $25 million reward for the capture of the late Osama bin Laden, which would be approximately $39 million today.”

Steve Moore, chief security strategist at security management platform provider Exabeam Inc., noted that “this offer for bounty represents a continuation of a position made back in July 2021 on bug bounties – now it seems we have criminal adversary bounties. This is no different than a bounty on the head of a warlord or traditional criminal – just the cyber version.”

There was a consensus among many security specialists that the size of the bounty on offer is noteworthy.

“While there was a similar announcement in July 2021 from the State Department for a $10 million reward in the fight against nation-state activity, this is the first to target an actor explicitly,” said Sean Nikkel, senior cyber threat Intel Analyst at digital risk protection firm Digital Shadows Ltd. “It will be interesting to see if further bounties are offered for other notorious ransomware actors or not, based on the success or failure of this initiative.”

Jake Williams, co-founder and chief technology officer at incident response company BreachQuest Inc., said the move is long overdue.

“As ransomware operators have adopted an affiliate model for operations, the number of people they must place trust in, even at arm’s length, has increased dramatically,” Williams explained. “With rewards this large, there’s a substantial incentive for these criminals to turn on one another.”

Image: Department of State