The agency says it will offer up to $10 million for information leading to the identification or location of any individual who "hold a key leadership position in the DarkSide ransomware variant transnational organized crime group."
In addition, State Department officials are offering up to $5 million for information leading to "the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident."
"In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals," the agency said in a news release. "The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware."
The rewards are available under the State Department's Transnational Organized Crime Rewards Program (TOCRP). More than 75 transnational criminals and major narcotics traffickers have been brought to justice under the TOCRP and the Narcotics Rewards Program (NRP) since 1986. The State Department has paid more than $135 million in rewards to date.
DarkSide was held responsible for the hacking of the Colonial Pipeline in May, which temporarily shut down a 5,500-mile pipeline system that carries 45% of fuel consumed on the East Coast. The attack prompted a wave of panic buying at gas stations from consumers in the days that followed.
According to blockchain analytics firm Elliptic, the Colonial Pipeline Company paid hackers an approximately $5 billion ransom payment to get its system back online. In June, the Justice Department recovered approximately $2.3 million of the ransom. DarkSide is believed to have originated in Eastern Europe, likely Russia.
Elliptic said DarkSide reaped over $90 million in Bitcoin ransom payments from 47 victims prior to announcing it would be ceasing operations. However, ransomware attacks have continued to surge this year.
CISA, the FBI and the NSA released an advisory last month warning that BlackMatter, which claims to have incorporated DarkSide's "best features," has targeted multiple organizations considered to be critical infrastructure. According to a recent tweet by vx-underground, BlackMatter said it was ceasing operations due to "pressure from the authorities." In addition, sources told Reuters that REvil, another ransomware gang, has been pushed offline as part of a multi-country operation.
Ransomware payments reached over $400 million globally in 2020, and topped $81 million in the first quarter of 2021, according to the White House.
A study by cybersecurity company BlueVoyant found a whopping 97% of firms have been impacted by a cybersecurity breach in their supply chain. Approximately 93% of respondents admitted that they have suffered a direct cybersecurity breach because of weaknesses in their supply chain. The average number of breaches experienced in the last 12 months grew 37% from 2.7 in 2020 to 3.7 in 2021.
The study, which covered six countries, including the U.S., was based on the views and experiences of 1,200 chief information officers, chief information security officers and chief procurement officers in organizations with more than 1,000 employees across a range of industries, including business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defense.