In a significant escalation in the fight against cyber crime, the US State Department's Rewards for Justice (RFJ) program has unveiled a reward of up to $10 million for information connecting the recent Clop ransomware attacks to a foreign government.
The bounty initiative comes hot on the heels of a series of disruptive cyber attacks orchestrated by the Clop ransomware group that began last month.
These attacks targeted global enterprises by exploiting a zero-day vulnerability in the MOVEit Transfer security file transfer platform, leading to data breaches in hundreds of companies.
The perpetrators have begun listing victim companies on a data leak website, threatening to publish stolen information unless a ransom is paid.
Concurrently, reports have emerged that numerous US federal agencies, including the Department of Energy, have been compromised during these attacks, raising fears over potential data theft.
Advisory from @CISAgov, @FBI: https://t.co/jenKUZRZwtDo you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting US critical infrastructure to a foreign government?
Send us a tip. You could be eligible for a reward.#StopRansomware pic.twitter.com/fAAeBXgcWA
— Rewards for Justice (@RFJ_USA) June 16, 2023
"No political interest"
RFJ is a longstanding initiative of the US Department of State that offers financial incentives for valuable intelligence concerning threats to US national security.
Originating as a program to gather information on terrorist activities, it has evolved to encompass cyber threats, covering notorious groups such as the Conti ransomware operation, Russian Sandworm hackers, REvil ransomware and the Evil Corp hacking group.
Clop threat actors have publically stated to have deleted any government-related data immediately after the breach, emphasising that their operations are solely financially driven and have no political interest.
"We got a lot of emails about government data, we don't have any government data and anything directly residing on exposed and badly protected, not encrypted file transfer, we still do the polite thing and delete all," a message on the Clop data leak site read.
Despite these assurances, the lack of verifiability prompts federal agencies to operate under the assumption that stolen data could be misused or fall into the hands of foreign governments.
The RFJ program aims to impede further attacks by encouraging individuals, including potential insider threat actors, to submit valuable information regarding the Clop operation for a significant financial reward.
To facilitate the process of tipping, the State Department has established a dedicated Tor SecureDrop server to enable the safe and secure submission of information about Clop and other cyber threat actors.