The Department of State announced a $10 million reward for information leading to the "identification or location" of leaders of the DarkSide ransomware group. A smaller $5 million bounty was placed on "any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident."
DarkSide was an affiliate ransomware program best known for the Colonial Pipeline attack in May, which temporarily shut down the largest fuel distribution network along the East Coast. The program went dark after the attention it received for the attack, later relaunching as BlackMatter. BlackMatter announced it would close operations earlier this week.
"In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals [sic]. The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware," wrote State spokesman Ned Price in a press statement.
The reward will be handled through the State Department's Transnational Organized Crime Rewards Program (TOCRP).
DarkSide's abrupt exit after Colonial Pipeline left many of its affiliates in the lurch, as will this week's exit. Coding error's in both DarkSide and BlackMatter meant that Emsisoft was able to circumvent negotiations and decrypt victim's systems without payment, costing affiliates "tens of millions" of dollars.
"I wonder whether the former Darkside/BlackMatter affiliates who...lost millions and millions of bucks due to the gang's ineptitude, will be tempted by this cash? Hmm," tweeted Emsisoft's Brett Callow, linking to Nicole Perlroth's New York Times story on his firm's BlackMatter decryptor.