Ransomware: U.S. Offers Reward for Information on Russian DarkSide Cybercrime Group

Published 5 November 2021

The United States has announced a reward of up to $10 million for information leading to the identification or location of any individual holding a “key leadership” position in DarkSide, a cybercrime group believed to be tied to Russia. The DarkSide syndicate was behind the attack on Colonial Pipeline – the largest publicly disclosed cyberattack against critical infrastructure in the United States.

The State Department said in a statement on November 4 that it was also offering a reward of up to $5 million for information leading to the arrest or conviction in any country of an individual “conspiring to participate in or attempting to participate” in a DarkSide ransomware incident earlier this year.

The FBI identified the DarkSide syndicate as being behind the largest publicly disclosed cyberattack against critical infrastructure in the United States.

The group disbanded after its ransomware attack on Colonial Pipeline disrupted fuel service to the U.S. East Coast for six days in May.

Colonial Pipeline officials eventually paid a ransom of more than $4 million. The Justice Department later said it had recovered most of the bitcoin ransom.

At the time, President Joe Biden said that U.S. officials do not believe the Russian government was involved in the hack but added: “We do have strong reason to believe that the criminals who did the attack are living in Russia. That’s where it came from.”

“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals,” the State Department said in its statement.

It added that the United States “looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware.”

In September, another ransomware attack believed to be the work of Russian hackers forced an association of corn and soy farmers based in the U.S. state of Iowa to take its systems offline.

The attack was attributed to a group called BlackMatter, which security researchers believed may be a reconstituted version of DarkSide.

This article is reprinted with permission of Radio Free Europe/Radio Liberty (RFE/RL).