State Department offers $10 million reward for help identifying DarkSide ringleaders

The bounty comes some six months after the group breached Colonial Pipeline, vaulting ransomware into the public consciousness.
(Getty Images)

The State Department on Thursday announced a $10 million bounty for information on the location of leaders of the DarkSide ransomware gang, and $5 million for information that leads to the arrest or conviction of any affiliates of the group.

DarkSide in May hacked fuel provider Colonial Pipeline, forcing the company to shut down its operations, resulting in panic-buying at gas stations in some areas of the U.S. ahead of Memorial Day weekend. The Justice Department retrieved $2.3 million of the nearly $5 million ransom payment Colonial Pipeline made to the Russian-speaking hackers.

“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cybercriminals,” State Department spokesperson Ned Price said in a statement. “The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware.”

Only the Secretary of State is authorized to approve a payment, the department said in a statement.


“The status of a reward payment is not made public to protect the integrity and identity of those individuals furnishing the information,” a State Department spokesperson said in an email. “Depending on the information provided, multiple rewards may be paid out for a single designated target.”

The State Department has identified at least forty U.S. victims of the group since October 2020, according to the spokesperson.

DarkSide, which is believed to be located out of Russia, has been largely dormant in recent months. Multiple research firms believe that BlackMatter, a group behind recent attacks on the agriculture industry, may have links to DarkSide. That could potentially put the group’s affiliate in the crosshairs of the new bounty. However, BlackMatter on Nov. 4 claimed to be shutting down under pressure from law enforcement.

The Treasury Department in July launched a reward program for information on ransomware actors engaged in attacks against U.S. critical infrastructure as part of a larger push by the Biden administration to take on cyber threats. It’s unclear if the program has led to any payouts so far.

Updated 11/5/21: With comment from the State Department.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts