US DoS offers a reward of up to $10M for leaders of REvil ransomware gang

Pierluigi Paganini November 09, 2021

The U.S. government offers up to $10 million for identifying or locating leaders in the REvil/Sodinokibi ransomware operation

The Department of State offers up to $10 million for information that can lead to the identification or location of individuals in key leadership positions in the REvil/Sodinokibi ransomware operation. The US government also offers $5 million for information that can lead to the arrest of affiliates.

This reward is being offered as part of the Department of State’s Transnational Organized Crime Rewards Program (TOCRP).

“The Department of State is offering a reward of up to $10,000,000 for information leading to the identification or location of any individual holding a key leadership position in the Sodinokibi ransomware variant transnational organized crime group.” reads the announcement published by the Department of State. “In addition, the Department is offering a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a Sodinokibi variant ransomware incident.”

REvil ransomware gang is one of the most successful ransomware operations, the group and its affiliated hit hundreds of organizations worldwide. On July 2, the gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers, it asked $70 million worth of Bitcoin for decrypting all impacted systems.

The group is a rebrand of the GandCrab ransomware operation that took place in 2019 to evade law enforcement.

The list of victims of the REvil ransomware gang includes CoopJBS, GSMLawKenneth Cole, and Travelex.

The announcement explicitly refers “Sodinokibi variant ransomware,” this means that reward will also apply in case the REvil gang will rebrand in the future.

Today, The US Department of Justice has also charged a REvil ransomware affiliate for orchestrating the ransomware attacks on Kaseya MSP platform that took place in July 4.

The suspect is 22-year old Ukrainian national Yaroslav Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22), who was arrested for cybercriminal activity on October 8 while he was trying to enter Poland.

A few days ago, the US government also announced that it is offering up to a $10,000,000 reward for information leading to the identification or arrest of DarkSide gang members.

“The U.S. Department of State announces a reward offer of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group.” reads the official announcement published by the US Department of Statement. “In addition, the Department is also offering a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.”

The US Department of Statement also offers a $5,000,000 reward for information leading to the arrest of individuals who attempt to participate in a Darkside attack or an attack that is launched by one of its rebranded operations, such as BlackMatter.

Like the reward offered for information on DarkSide ransomware members, the amount rewarded for information depends on the person’s role in the REvil/Sodinokibi operation.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment