Cyber Crime

US DoS offers a reward of up to $10M for leaders of REvil ransomware gang

The U.S. government offers up to $10 million for identifying or locating leaders in the REvil/Sodinokibi ransomware operation

The Department of State offers up to $10 million for information that can lead to the identification or location of individuals in key leadership positions in the REvil/Sodinokibi ransomware operation. The US government also offers $5 million for information that can lead to the arrest of affiliates.

This reward is being offered as part of the Department of State’s Transnational Organized Crime Rewards Program (TOCRP).

“The Department of State is offering a reward of up to $10,000,000 for information leading to the identification or location of any individual holding a key leadership position in the Sodinokibi ransomware variant transnational organized crime group.” reads the announcement published by the Department of State. “In addition, the Department is offering a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a Sodinokibi variant ransomware incident.”

REvil ransomware gang is one of the most successful ransomware operations, the group and its affiliated hit hundreds of organizations worldwide. On July 2, the gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers, it asked $70 million worth of Bitcoin for decrypting all impacted systems.

The group is a rebrand of the GandCrab ransomware operation that took place in 2019 to evade law enforcement.

The list of victims of the REvil ransomware gang includes CoopJBS, GSMLawKenneth Cole, and Travelex.

The announcement explicitly refers “Sodinokibi variant ransomware,” this means that reward will also apply in case the REvil gang will rebrand in the future.

Today, The US Department of Justice has also charged a REvil ransomware affiliate for orchestrating the ransomware attacks on Kaseya MSP platform that took place in July 4.

The suspect is 22-year old Ukrainian national Yaroslav Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22), who was arrested for cybercriminal activity on October 8 while he was trying to enter Poland.

A few days ago, the US government also announced that it is offering up to a $10,000,000 reward for information leading to the identification or arrest of DarkSide gang members.

“The U.S. Department of State announces a reward offer of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group.” reads the official announcement published by the US Department of Statement. “In addition, the Department is also offering a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.”

The US Department of Statement also offers a $5,000,000 reward for information leading to the arrest of individuals who attempt to participate in a Darkside attack or an attack that is launched by one of its rebranded operations, such as BlackMatter.

Like the reward offered for information on DarkSide ransomware members, the amount rewarded for information depends on the person’s role in the REvil/Sodinokibi operation.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

11 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

18 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.