In May, a ransomware attack shut down a pipeline carrying 45 percent of the gas used on the US East Coast. The Colonial Pipeline incident led to panic buying and heightened fears about the threat posed by simple hacks to national infrastructure. Now, the US State Department is offering a bounty of up to $10 million to anyone who can provide the “identity or location” of the leaders of the group responsible, an outfit known as DarkSide.
In addition to the $10 million bounty, the State Department is offering a reward of up to $5 million for information leading to the arrest or conviction “of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.” What exactly that means isn’t clear. Is a “DarkSide variant ransomware incident” one that involves the group’s hacking tools? What if the software has been altered slightly? It seems deliberately ambiguous, allowing the State Department to cast as wide a net as possible.
The offer is the latest example of the US using financial rewards to try to fight serious cybercrime. These bounties are offered under the Rewards for Justice (RfJ) program, which was originally established in 1984 to target international terrorism. The US evidently thinks cybercriminals now warrant the same level of attention and, in July, the State Department began offering bounties of up to $10 million through RfJ for information on individuals who participate in “malicious cyber activities against US critical infrastructure.”
(For anyone interested, the State Department has a Tor-based tip line, accessible at he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion. This URL requires the use of a Tor browser and won’t work with ordinary browsers like Chrome or Firefox.)
The ambiguous nature of the State Department’s latest bounty is related to the fluid nature of hacking groups. These outfits can dissolve and reform under different monikers and identities as easily as someone creating a new username, but they often use related methods and software that can be used to trace a common lineage.
DarkSide, for example, ceased all activities after the Colonial Pipeline incident. The group appeared caught off-guard by the magnitude of the attack, and even issued a formal apology for the “social consequences” of what they did. But according to US cybersecurity experts, members of the group may have simply rebranded as an outfit named BlackMatter, which appeared on the scene weeks after DarkSide dropped off the radar, wielding similar weapons and tactics. Presumably, the State Department’s bounty will apply to them, too.