State Department offers $10 million for info on ransomware gang

The State Department is offering a reward of up to $10 million for information linking the CL0p ransomware gang that is targeting U.S. networks for a foreign government.

The U.S. government is hunting for the identities behind the cybercriminal gang whose recent victims include the Energy Department and state government networks.

The State Department’s Rewards for Justice program tweeted Friday that it is prepared to offer the multimillion-dollar reward for information revealing the location or identity of people engaged in cyberattacks against U.S. networks at the behest of a foreign government.

“Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government? Send us a tip,” the Rewards for Justice account tweeted. “You could be eligible for a reward.”

CL0p is affiliated with cybercriminals who are believed to operate within a former Soviet Union country, but precisely where is unknown.

In 2021, the Health and Human Services Department published an analyst note connecting CL0p to the FIN11 cyber threat group. The analyst note from HHS’ Health Sector Cybersecurity Coordination Center said it learned from cybersecurity firm Mandiant that FIN11 likely works from somewhere within the Commonwealth of Independent States, which includes former Soviet Union countries.

“This assessment is based on FIN11’s avoidance of systems utilizing CIS-country keyboard layouts and the use of Russian-language file metadata,” the analyst note said in 2021. “Researchers believe that FIN11 outsources many of their services via underground, criminal communities.”

The CL0p gang, scrutinized by HHS two years ago, subsequently exploited Progress Software’s MOVEit managed file transfer solution in May, according to a joint cybersecurity advisory from the FBI and the Cybersecurity and Infrastructure Security Agency.

CISA Director Jen Easterly said last week that the cyberattackers’ actions appeared largely opportunistic, and she downplayed any fears that the hacking campaign represented a systemic risk to U.S. national security.

Congress also wants answers from the Biden administration about precisely what it knows about the cyber breaches afflicting the Energy Department and other U.S. networks.

The House Energy and Commerce Committee’s bipartisan leadership said Friday they want the Biden administration, including the Energy Department, to brief them on the cyberattacks.