Piles of money with Department of State logo

The U.S. State Department's Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government.

"Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government? Send us a tip. You could be eligible for a reward," tweeted the Rewards for Justice Twitter account.

Rewards of Justice (RFJ) is a U.S. Department of State program that offers monetary rewards for information on threat actors and attacks impacting the national security of the USA.

Initially launched to gather information on terrorists targeting U.S. interests, the program has since expanded to include information on cyber criminals, such as the Conti ransomware operationRussian Sandworm hackersREvil ransomware, and the Evil Corp hacking group.

Data breaches at U.S. federal agencies

This new RFJ bounty comes after the Clop ransomware conducted data-theft attacks on companies worldwide using a zero-day vulnerability in the MOVEit Transfer security file transfer platform.

The attacks started on May 27th, over the long U.S. Memorial Day holiday, with the Clop ransomware gang claiming to have stolen data from hundreds of companies.

This week, Clop began extorting companies by listing their names on a data leak site, promising to start leaking data if a ransom was not paid.

Clop message on MOVEit Transfer attacks
Clop message on MOVEit Transfer attacks​​​

At the same time, CNN first reported that numerous federal agencies, including The Department of Energy, were breached during these attacks, with data likely stolen.

The Clop threat actors told BleepingComputer earlier this month that any data stolen from governments was immediately deleted. They reiterated these claims this week in a message on their Tor data, saying they are only financially motivated and are not interested in politics.

"We got a lot of emails about government data, we don't have any government data and anything directly residing on exposed and bad protected not encrypted file transfer we still do the polite thing and delete all," reads a message on the Clop data leak site.

While the threat actors claim to be deleting any data stolen from governments, there is no way to determine if this actually takes place. 

Therefore, federal agencies must make the assumption that stolen data could be abused or potentially acquired by foreign governments.

The Rewards for Justice program hopes to prevent future attacks by enticing people, including other threat actors who may have information about the Clop operation, to submit tips for a million-dollar reward.

To submit a tip, the State Department has set up a dedicated Tor SecureDrop server that can be used to submit information on Clop and other threat actors.

H/T vx-underground

Related Articles:

US offers up to $15 million for tips on ALPHV ransomware gang

Ransomware payments drop to record low of 28% in Q1 2024

Chipmaker Nexperia confirms breach after ransomware gang leaks data

UnitedHealth confirms it paid ransomware gang to stop data leak

US govt sanctions Iranians linked to government cyberattacks