The U.S. is offering up to $10 million for information identifying or locating leaders of the REvil (Sodinokibi) ransomware operation, and up to $5 million for information leading to the arrest of affiliates.
This bounty is being offered as part of the Department of State's Transnational Organized Crime Rewards Program (TOCRP), which rewards informants for information that leads to the arrest or conviction of individuals in transnational organized crime groups.
Like the reward offered for information on DarkSide ransomware members, the amount rewarded for information depends on the person's role in the REvil/Sodinokibi operation.
"The Department of State is offering a reward of up to $10,000,000 for information leading to the identification or location of any individual holding a key leadership position in the Sodinokibi ransomware variant transnational organized crime group," the Department of State announced today.
"In addition, the Department is offering a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a Sodinokibi variant ransomware incident."
The REvil ransomware gang is responsible for numerous high-profile attacks against Kaseya, JBS, Coop, Travelex, GSMLaw, Kenneth Cole, and Grupo Fleury.
When ransomware gangs attempt to evade law enforcement, they commonly rebrand under a new name. For example, the GandCrab operation rebranded as REvil in 2019 after they began receiving too much attention from the media and law enforcement.
Similarly, other ransomware operations have also rebranded in the past, including:
- DarkSide to BlackMatter
- Maze to Egregor
- Bitpaymer to DoppelPaymer to Grief
- Nemty to Nefilim to Karma
Because the Department of State announcement refers to "Sodinokibi variant ransomware," this reward will also apply to new ransomware operations created by the REvil gang in the future.
Today was also filled with numerous announcements regarding the arrests and indictments of multiple REvil gang members. These arrests included an REvil hacker linked to the Kaseya ransomware attack and the seizure of $6 million in cryptocurrency obtained through REvil ransom demands.
To further disrupt the financial operations of ransomware groups, the U.S. also announced sanctions against the Chatex cryptocurrency exchange for assisting ransomware gangs in laundering and cashing out ransom payments.
Comments
DG1991 - 2 years ago
For me they should include the leaders or at least the members of STOP/DJVU Ransomware gang to further intensify their investigation about their recent activity and most importantly, the whereabouts :-( . Anyhow God speed and more power to them (-人-) ╮(╯_╰)╭ .....
diufung - 2 years ago
Agreed, I am one of the victims attacked by STOP/DJVU family last month.
All my files are encrypted until now. I want my files back.