The US State Department is offering up to $10 million for information leading to the identification or location of senior members of a Russian-speaking ransomware gang that forced major US fuel operator Colonial Pipeline to shut down in May.
The announcement Thursday from State Department spokesperson Ned Price also included an offer of $5 million for information leading to the arrest or conviction of anyone who conspires to participate in a hack involving so-called DarkSide ransomware, which was used in the Colonial Pipeline incident.
It’s the latest effort by the Biden administration to put pressure on cybercriminals that have extorted millions of dollars from US companies and threatened critical infrastructure. President Joe Biden in June appealed to Russian President Vladimir Putin to take action against ransomware groups operating from Russia, but it remains to be seen if that will happen.
It’s not the first time the State Department has offered big money to try to catch foreign hackers.
Ahead of the 2020 election, the department said it would pay up to $10 million for information on the identity or location of anyone using “certain illegal cyber activities” to interfere with the vote at the behest of a foreign government.
“We need to use all the tools we have, and this is a good and hopefully effective one,” Christopher Painter, a former top State Department cybersecurity envoy, told CNN.
The Colonial Pipeline incident shut down fuel deliveries to the East Coast of the US for days, prompting long lines at gas pumps in multiple states. It also put ransomware higher on the national security agenda for the Biden administration, which since the incident has issued multiple cybersecurity policy directives.
The pipeline company, which delivers an estimated 45% of fuel consumed on the East Coast, paid the hackers $4.4 million to unlock the computers. The Justice Department was able to recover $2.3 million of that money by seizing cryptocurrency assets.
As the Biden administration pressures Russia to curb cybercriminal activity, US law enforcement and their international partners are pursuing suspects outside of Russia.
A 38-year-old Russian man accused of being part of a cybercrime ring that infected US computers with ransomware was extradited from South Korea to the US last month. He faces computer fraud charges in a federal court in Ohio.
US intelligence agencies have also had a role in the crackdown.
US Cyber Command head and director of the National Security Agency Gen. Paul Nakasone said Wednesday that the US had “conducted a surge” over the past three months to address the threat of ransomware. Nakasone said the US government had been focusing on the sources of funding for ransomware operatives.
Russian government responses are harder to measure.
Chris Inglis, the US National Cyber Director, told lawmakers on Wednesday that the US had seen a “discernible decrease” in Russia-based hacks against US organizations since the Biden-Putin summit, but that it was “too soon to tell” if that lull in some ransomware activity was “because of the material efforts undertaken by the Russians or the Russian leadership.”