Tracking down cybercriminals is an incredibly difficult task, given the nature of how they operate.
They attempt to live in the shadows, seldom give away their true identities or locations, and regularly disappear into the deep, dark web.
But what if they turn on each other to reveal those secrets?
Massive reward to turn in DarkSide ransomware leaders
If you worked with—or competed against—other cybercriminals and found out you could make millions by revealing their identities, would you do it?
The United States is trying to help that concept along, with two huge bounties being offered.
"The U.S. Department of State announces a reward offer of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group.
In addition, the Department is also offering a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident."
DarkSide is the cyber gang responsible for the 2021 Colonial Pipeline ransomware attack that disrupted fuel distribution across the East Coast of the U.S., leaving thousands unable to get gas for their cars.
These hefty rewards are being offered by the State Department's Transnational Organized Crime Rewards Program (TOCRP). The TOCRP has brought more than 75 transnational criminals to justice since 1986, and has paid out more than $135 million in rewards.
Ransomware gangs have more hackers who might turn them in
The U.S. is obviously hoping someone will sell out the DarkSide group for legitimate reward money.
And ransomware operators currently have more partners in crime than they ever have, because of the rise in ransomware-as-a-service (RaaS).
Jake Williams, Co-Founder and CTO at BreachQuest, says the current ransomware business model provides more opportunity for disruption:
"This is a significant move by the State Department and honestly one that's overdue.
As ransomware operators have adopted an affiliate model for operations, the number of people they must place trust in, even at arm's length, has increased dramatically. With rewards this large, there's a substantial incentive for these criminals to turn on one another.
Perhaps more importantly than the specific impacts to DarkSide, this action undermines trust across the ransomware as a service affiliate model.
This is especially good timing since it capitalizes on the recent REvil infiltration by law enforcement. The law enforcement action against REvil in July already caused significant trust issues among operators. This drives that wedge deeper and will extend far beyond DarkSide (rebranded to BlackMatter and supposedly shut down this week)."
It will certainly be worth watching to see how this move impacts DarkSide's operations, as well as other cyber gangs.
And if it does work, we'll add this to the growing list of wins in the battle against ransomware that SecureWorld is tracking.
For more information, you can read the statement from the Department of State.