$10 million reward offered for Information on leaders of DarkSide ransomware group

In a press statement released on Thursday, the US Department of State announced a $10 million dollar reward for any information on the identity of the leaders of notorious ransomware group DarkSide. They also offered a reward of $5 million for any information leading to the arrest of DarkSide affiliates. 

Ned Price, Department of State spokesperson, said “In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals. The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware.” 

Price states in the press release that the DarkSide group was responsible for the ransomware attack on the Colonial Pipeline earlier this year. This particular ransomware attack caused the Colonial Pipeline Company to “temporarily shut down the 5,500-mile pipeline that carries 45 percent of the fuel used on the East Coast of the United States”. 

The reward is offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP). The TOCRP is a program designed to “disrupt and dismantle transnational organized crime globally, including cybercrime.” The $5 million reward for DarkSide affiliates will be rewarded to information leading to the arrest of those connected to DarkSide in any country. 

Colonial Pipeline Hack 

In May this year, Russian-based ransomware group DarkSide group shut down operations on the Colonial Pipeline, causing nationwide disruption to the fuel supply chain. The attack compromised the Colonial Pipeline Company’s billing system, causing the company to halt operations. 

During the attack, DarkSide stole 100 gigabytes of data from the Colonial Pipeline Company, and asked for a ransom in exchange for the information. The Colonial Pipeline Company is reported to have paid DarkSide group a ransom of 75 bitcoin, or roughly $5 million, for the decryption tool that would allow them to  

The attack was one of a number that occurred against key areas of US infrastructure earlier this year. 

DarkSide Group 

DarkSide is a Ransomware as a Service (RaaS) group based in Russia. Affiliates of DarkSide group are granted access to bespoke ransomware developed by DarkSide in exchange for a cut of the ransom. 

This particular ransomware group has been behind a number of high-profile ransomware attacks over the past two years, including the ransomware attack on the Colonial Pipeline Company. 

Possibly due to the scope and exposure of the Colonial Pipeline attack, DarkSide shut down its RaaS program shortly after. Following the attack, the ransomware group announced that some of their servers had been seized in an unspecified country, which was likely what prompted the group to split up.