US Government Offers $10m Bounty For Colonial Pipeline Hackers

DarkSide criminals who hacked Colonial Pipeline are firmly in American crosshairs, after $10 million bounty is offered for their ID or location

The criminal hacking group known as DarkSide, which the FBI has previously said is based in Russia, is being actively hunted by US officials.

The US State Department on Thursday announced a reward of up to $10 million for information leading to the identification or location of anyone with a key leadership position in DarkSide.

“In addition, the Department is also offering a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident,” said the US.


Colonial Pipeline

DarkSide it should be remembered were responsible for a devastating cyberattack on Friday 7 May on a major pipeline (Colonial Pipeline) in the United States, which caused widespread fuel shortages and panic buying along the US east coast.

Indeed, so serious was the attack that the US government engaged emergency powers and US President Joe Biden received “personal briefings” about the cyberattack.

And the attack brought ransomware attacks into the public light and they dominated the face-to-face meeting in June between Biden and Russia’s President Vladimir Putin.

Biden reportedly promised Putin ‘retaliation’ if Russia attacks a list of 16 ‘critical’ facilities in America.

Ransom paid

And to make matters worse, the management of Colonial Pipeline actually paid the DarkSide hackers to restore its systems.

The CEO of the firm, Joseph Blount, weeks later confirmed that he had authorised a ransom payment of $4.4 million (75 Bitcoin).

He said they had authorised the ransom payment, because executives were unsure how badly the cyberattack had breached its systems, and consequently, how long it would take to bring the pipeline back.

This decision to pay the criminals goes against law enforcement and security professional advice.

Harbouring criminals

Security researchers at London-based Eliptic subsequently identified the Bitcoin digital wallet used by DarkSide to extract ransoms from their victims.

Elliptic also revealed DarkSide and its affiliates had bagged at least $90 million in bitcoin ransom payments in total from various ransomware victims.

But in a twist, the US DoJ in June confirmed it had seized most of the ransom paid to the DarkSide criminals.

The US state department also had a coded message intended for the Russian government.

“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals,” the department said in a statement on Thursday.

“The United States looks to nations who harbour ransomware criminals that are willing to bring justice for those victim businesses and organisations affected by ransomware,” it added.

Former British Foreign Secretary Dominic Raab has publicly warned Russia it cannot continue to shelter criminal gangs carrying out ransomware attacks on Western nations.

Long shot

Meanwhile a security expert said the $10 million reward demonstrated the FBI determination to track down DarkSide, despite them being known for covering their tracks.

“DarkSide are a very sophisticated and dangerous cybercriminal group who go to extreme lengths to hide their tracks, or even not make any tracks to follow in the first place,” noted Jake Moore, cybersecurity specialist at ESET.

“When such tactics leave the FBI struggling to piece any clues together, it is not unheard of to start offering rewards,” said Moore. “These high rewards may encourage people to hand over pieces of information to the authorities, but it is still a long shot.”

“Cybercrime groups often work in silo with remote capacities where they do not even know the true identities of their colleagues in order to reduce the risk of capture,” said Moore. “Many gangs operate online across the dark web to evade being detected.”