SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Cybersecurity experts weigh in on U.S govt's $10 million reward for info on DarkSide ransomware group
Tue, 9th Nov 2021
FYI, this story is more than a year old

The U.S. government is offering up to $10 million for information that can help trace the leaders of the Russia-linked DarkSide ransomware group.

DarkSide was the culprit behind the ransomware attack on Colonial Pipeline earlier this year, which saw the company to pay a $4.4 million ransom.

Another award of up to $5 million is available for information that results in the arrest of anyone attempting an attack using ransomware from DarkSide.

The news comes amid increased tensions between President Biden and Vladimir Putin as Russian hackers continue to breach U.S. organisations.

Danny Lopez, chief executive at Glasswall, says financial incentive from government entities could be a crucial step in combating the wave of ransomware attacks from DarkSide and related groups.

"Bounties encourage collaboration and intelligence sharing, which increases jeopardy for the attacker and may cause them to think again," he says.

"This latest policy move, plus the administration's earlier executive orders on the subject, show that federal cyber leaders are pushing for a more secure future for the U.S.

"Previous EOs have emphasised the importance of stronger multi-factor authentication and encryption, which we applaud. These are critical elements in an effective cybersecurity stack, but an overarching zero trust approach will take businesses, government agencies and critical infrastructure organisations proactive protection to the next level," says Lopez.

"Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network," he says.

"Without a zero trust approach organisations run the risk of attackers having a free reign across a network once they are inside. If more security teams turn to this approach, fewer attacks and payments will need to be reported."

Neil Jones, cybersecurity evangelist, Egnyte, says the US government's $10 million reward for DarkSide leaders demonstrates the ability of ransomware to cripple global supply chains and grind business productivity to a halt.

"To put the size of that reward into perspective, the United States offered a $25 million reward for the capture of the late Osama bin Laden, which would be approximately $39 million today.

"I am particularly heartened by the US government's decision to offer $5 million for information that results in the arrest or conviction of those who perpetrate attacks that are powered by DarkSide's ransomware," he says.

"To protect themselves, organisations should utilise ransomware detection technology, educate their employees about the danger of clicking on phishing emails and leverage Defense in Depth solutions such as Multi-Factor Authentication (MFA). The best ransomware payment is the one that your company never makes."

Steve Moore, chief security strategist, Exabeam, adds, "This offer for bounty represents a continuation of a position made back in July 2021 on bug bounties now it seems we have criminal adversary bounties.

"This is no different than a bounty on the head of a warlord or traditional criminal just the cyber version," he says.

"I believe that the Biden administration calls out DarkSide specifically due to their desire to manipulate the victims stock price and the additional stress it could represent on financial markets," Moore says.

"In April of this year, they bragged about having access to companies who trade on NASDAQ and other exchanges. If payment isn't received, they will release information before their earnings statements are made, allowing those in the know to profit by shorting the stock."