Image: 金 运 (unsplash)
Yesterday, an announcement from the U.S. State Department’s Rewards for Justice program surfaced, revealing the offering of a bounty worth up to $10 million for any information that connects the foreign government to the Clop ransomware assaults.
The Rewards for Justice Twitter account posted an appeal for information regarding the CL0P Ransomware Gang or any other cyber malefactors targeting U.S. critical infrastructure, implying a potential reward for any helpful tips.
The Rewards of Justice (RFJ), a program within the U.S. Department of State, is known for its provision of monetary rewards to individuals who can supply information about threat actors or attacks that pose a risk to the USA’s national security.
Initially, the program’s main aim was to collect information regarding terrorists that targeted U.S. interests. However, it has broadened its scope over time, now encompassing information on cyber criminals, such as those involved with the Conti ransomware operation, Russian Sandworm hackers, REvil ransomware, and the Evil Corp hacking group.
The most recent bounty offered by RFJ comes in the wake of the Clop ransomware executing data-theft attacks worldwide by exploiting a zero-day vulnerability in the MOVEit Transfer security file transfer platform.
The series of attacks began on May 27th, during the long U.S. Memorial Day holiday, with the Clop ransomware group boasting about having extracted data from hundreds of companies.
This week saw the initiation of the Clop group’s extortion scheme, as it started listing the names of various companies on a data leak site, threatening to leak their data unless the demanded ransom was met.
At the same time, reports surfaced, first from CNN, detailing breaches at numerous federal agencies, including the Department of Energy. These reports suggested that during these attacks, data was likely stolen.
Earlier this month, the Clop threat actors communicated with BleepingComputer, stating that any data obtained from governments was immediately discarded. This claim was echoed this week in a message on their Tor data, emphasizing their financial motivation, rather than any political interests.
The Clop data leak site posted a message stating: “We have received many inquiries about government data, but we don’t possess any such data. Whenever we come across unencrypted files on poorly protected file transfer systems, we always opt to delete all data.”
While the threat actors profess to discard any stolen government data, there is no concrete evidence to support their claim.
Hence, federal agencies must proceed on the basis that the stolen data could potentially be misused or might fall into the hands of foreign governments.
By offering a substantial reward, the Rewards for Justice program aims to avert future attacks. They hope to encourage people, including potential informants from within the threat actor community, to provide tips about the Clop operation.
For those wishing to submit a tip, the State Department has established a dedicated Tor SecureDrop server, which can be utilized to pass on information about Clop and other threat actors.