US offers $10m for information on Clop gang

The Clop ransomware group has become the latest cyber threat group to attract a bounty from the US government.

In this dubious distinction, the gang, thought to be behind multiple recent incidents of data theft, joins other cyber crime and state-supported groups such as Conti, Sandworm, REvil and Evil Corp.

Under its Rewards for Justice (RFJ) programme, the US State Department is offering $10 million for information linking the Clop ransomware attacks to a foreign government.

"Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government?" the State Department tweeted from its RFJ account. "Send us a tip. You could be eligible for a reward."

The line between threat actors and governments is not always clear. Some groups, such as Sandworm, have strong links to state organisations, in that case Russia's GRU, while with others any connections are hazy.

Clop (or CL0P, aka TA505) is a Russian-speaking gang that claims it has attacked hundreds of organisations through a flaw in Progress Software's MOVEit file transfer application. Last week, several US federal government agencies, including the Department of Energy, were compromised, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

While CISA downplayed the attacks, saying they were likely more about monetary reward than state-sponsored activity, and did not mention Clop by name, the US government clearly suspects that the Russian government may have had a hand in them.

The Clop gang has stated on its website that any data taken from government agencies would be deleted. On the other hand, it threatened to publish sensitive data stolen from companies and corporations including BA, the BBC, Shell and Johns Hopkins University if ransom payments are not forthcoming.

Last week, the gang started publishing the names of victims on its dark web site in an effort to pressurise them into paying.

RFJ was created in 1984 originally as a counterterrorism initiative, rewarding providers of information leading to the arrest or identification of foreign entities or individuals wanted by the US state.