WANTED: OWNERS/OPERATORS/AFFILIATES OF THE DARKSIDE RANSOMWARE AS A SERVICE REWARD OF UP TO $10 MILLION
NAME: DarkSide Ransomware as a Service (RaaS)
NATIONALITY: Various (Unknown)
CITIZENSHIP: Various (Unknown)
The U.S. Department of State is offering a reward of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold a key leadership position in the DarkSide ransomware variant transnational organized crime group. In addition, a reward offer of up to $5,000,000 is offered for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide ransomware incident.
The DarkSide ransomware variant appeared initially in August 2020 and was used to rapidly launch a global ransomware campaign in more than 15 countries that targeted multiple industry sectors, including financial services, legal services, manufacturing, professional services, retail, and technology. The DarkSide ransomware group was responsible for the Colonial Pipeline Company ransomware incident in May 2021, which led to the company’s decision to proactively and temporarily shut down the 5,500-mile pipeline that carries 45 percent of the fuel used on the East Coast of the United States. In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals.
Ransomware is a type of malicious software, or malware, that prevents a user from accessing computer files, systems, or networks until a ransom is paid for their return. Ransomware incidents can cause costly disruptions to operations and lead to the loss of critical information and data. DarkSide ransomware operates as a service wherein the extortion profit is shared between the RaaS owners and their affiliates. The affiliates are the entities that actually execute the computer intrusion and deploy the ransomware. Each affiliate uses its own intrusion method and negotiates the terms of the ransom demands with the victim.
FBI does not support the payment of a ransom in response to a ransomware attack. Paying ransom demands encourages more ransomware attacks and provides an incentive to become involved in this type of illegal activity. If you are the victim of a ransomware incident, please visit stopransomware.gov.
If you have information, please contact the FBI at +1-800-CALL-FBI via telephone/text/WhatsApp, or by email at https://Tips@fbi.gov. If you are located outside of the United States, please contact the nearest U.S. Embassy/Consulate. If in the United States, please contact the local FBI office in your city.
ALL IDENTITIES ARE KEPT STRICTLY CONFIDENTIAL.
Government officials and employees are not eligible for rewards.