DarkSide, the ransomware group responsible for the Colonial Pipeline hack which saw 75 Bitcoin, worth some $4.4 million worth at the time, being paid by the oil pipeline firm, is now the subject of a bounty promoted by the U.S. Department of State.
According to a press release by the Department, a reward of up to $10,000,000 for “information leading to the identification or location of any individual(s) who hold(s) a key leadership position” from DarkSide, which it further described as a “ransomware variant transnational organized crime group.”
Further, the Department is also offering half of the initial bounty: $5,000,000 for information leading to the arrest of individuals or groups “conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.”
The Colonial Pipeline hack was a ransomware incident that transpired sometime in May 2021, leading to the oil pipeline firm shutting down its 5,500-mile pipeline which serviced 45% of the fuel used for the East Coast region of the U.S.
The Department says that its initiative to catch and arrest those responsible for the incident was a gesture of its “commitment to protecting ransomware victims around the world from exploitation by cyber criminals.”
DarkSide’s affiliation with its supposed clientele does not directly link it as a proper threat actor, though, given its operative secrecy. According to Brian Krebs, an information security analyst, the group first surfaced on Russian language hacking forums sometime in August 2020, and operates as a ransomware-as-a-service platform that even vetted cybercriminals may use to infect companies with ransomware.
“DarkSide says it targets only big companies, and forbids affiliates from dropping ransomware on organizations in several industries, including healthcare, funeral services, education, public sector and non-profits.” adds Krebs.
In response to the Colonial Pipeline hack, the DarkSide group claims that it does not “participate in geopolitics” hence there was no “need to tie us with a defined government and look for other motives.”
“Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.” DarkSide explained.
Despite these claims, the U.S. Department of State appears resolute in its decision to pursue the hacking group. The reward for the information leading to the arrest of any key persons from the group will be managed under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP), which has, to date, indicted over 75 transnational criminals and major narcotics traffickers since its inception in 1986, with over $135 million in rewards disbursed.