In May, a ransomware attack shut down a pipeline carrying 45 percent of the gasoline used on the US East Coast. The Colonial Pipeline incident led to panic buying and heightened fears about the threat posed by simple hacks to national infrastructure. Now, the US State Department is offering a bounty of up to $10 million to anyone who can supply the “identification or location” of the leaders of the group responsible — an outfit known as DarkSide.
In addition to the $10 million bounty, the State Department is offering a reward of up to $5 million for information leading to the arrest or conviction “of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.” What exactly that means isn’t clear. Is a “DarkSide variant ransomware incident” one that involves the group’s hacking tools? What if the software has been altered slightly? It seems deliberately ambiguous, allowing the State Department to cast as wide a net as possible.
The offer is the latest example of the US using financial rewards to try to fight serious cybercrime. These bounties are offered under the Rewards for Justice (RfJ) program, which was originally established in 1984 to target international terrorism. The US evidently thinks cybercriminals now warrant the same level of attention and, in July, the State Department began offering bounties of up to $10 million through RfJ for information on individuals who participate in “malicious cyber activities against US critical infrastructure.”
(For anyone, the State Department has a Tor-based tip line, accessible at he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion. This URL requires the use of a Tor browser and won’t work with ordinary browsers like Chrome or Firefox.)
The ambiguous nature of the State Department’s latest bounty is related to the fluid nature of hacking groups. These outfits can dissolve and reform under different monikers and identities as easily as someone creating a new username, but they often use related methods and software that can be used to trace a common lineage.
DarkSide, for example, ceased all activities after the Colonial Pipeline incident. The group seemed caught off-guard by the magnitude of the attack, and even issued a formal apology for the “social consequences” of what they did. But according to US cybersecurity experts, members of the group may have simply rebranded as an outfit named BlackMatter, which appeared on the scene weeks after DarkSide dropped off the radar, wielding similar weapons and tactics. Presumably, the State Department’s bounty will apply to them, too.