The United States announced a $10 million reward Thursday for help finding leaders of the high-profile ransomware gang DarkSide, authorities’ latest try at combating spiking cyber-extortion attacks.
Washington blamed the Russia-based group for the online assault that forced the shutdown of the largest oil pipeline in the eastern United States in May.
Cyber-extortion heists involve breaking into a company or institution’s network to encrypt its data, then demanding a ransom, typically paid via cryptocurrency in exchange for the digital key to unlock it.
“In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals,” said a US State Department statement.
Washington also offered a $5 million bounty for information leading to the arrest or conviction in any country of anyone who tries to join in an attack with DarkSide.
Despite the temptation potentially provoked by the sums, not all cyber-security experts were convinced the rewards would be effective in unmasking hackers.
“Absent a bounty hunter willing to travel to their jurisdiction, put their unconscious body in a bag and dumping it at the nearest US embassy, I doubt this will have much of an impact,” said John Bambenek at Netenrich, an IT and security operations company.
“To be fair, it certainly won’t hurt either,” he added.
Cyber crimes have been booming, with new data out in October showing $590 million in ransomware-related payments were reported to US authorities in the first half of 2021 alone.
The figure is also 42 percent higher than the amount divulged by financial institutions for all of 2020, the US Treasury report said, and there are strong indicators the true cost is likely in the billions.
Companies and institutions face intense pressure to pay up in order to get their data unlocked, but also to keep the attack from potentially angry clients and authorities who issue stern warnings not to give cash to criminals.