The U.S. government is determined to curb the growing wave of cyberattacks and the cybercrime affiliates behind them. The U.S. Department of State recently announced a $10 million bounty for information on the activities or location of the DarkSide ransomware group or any of its associates. The Department also declared a reward of $5 million for tips or clues leading to the arrest of anyone participating in the DarkSide group’s activities.
The proposed reward is provided under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP), which aims to dismantle transnational organized criminal groups. More than 75 transnational criminals and major narcotics traffickers have been brought to justice under the TOCRP and the Narcotics Rewards Program (NRP) since 1986. The Department has paid more than $135 million in rewards to date.
“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cybercriminals. The U.S. looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware,” the Department said.
Why DarkSide Ransomware Group?
The DarkSide ransomware operators are responsible for the infamous cyberattack on Colonial Pipeline in May 2021, which disrupted the company’s pipeline operations; that pipeline carries over 45% of the fuel supplied to the East Coast of the U.S.
The DarkSide attackers have extended their reach globally by targeting companies in various sectors. The group is suspected of involvement in the recent ransomware attack on the Japanese tech giant Toshiba, as experts found that the malware variants used in that attack are similar to those used in the Colonial Pipeline hack. The DarkSide group reportedly infected nearly 99 organizations with the DarkSide malware, with an average ransom payment of $1.9 million, and extracted over $90 million in Bitcoin ransom from 47 victims.
Exit > Rebrand > Re-enter
The latest announcement from the State Department also applies to DarkSide rebrands, including the most recent BlackMatter group. Once identified, cybercriminal groups often cease their operations and return under different names with new ransomware variants. After the attack on Colonial Pipeline, the DarkSide group came under severe scrutiny from international law enforcement authorities. However, reports suggest that the DarkSide group continued its operations by rebranding itself as BlackMatter.
The BlackMatter group also recently announced that it is shutting down operations, citing pressure from law enforcement authorities. Active since July 2021, BlackMatter offered ransomware-as-a-service (RaaS), targeted several critical infrastructure organizations in the U.S., and demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero. While BlackMatter operators have not revealed much about their shutdown, the cybersecurity community opined that the recent cybersecurity initiatives from the Biden Administration may have forced the group to close up shop.