US Offers $10m for Russian NotPetya Sandworm Team

The US authorities are offering a multimillion-dollar reward for anyone with information that could identify or locate six members of a notorious Russian state hacking group responsible for NotPetya.

The Department of State’s Rewards for Justice (RFJ) program has pledged up to $10m for information on six officers of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

The six officers – Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin – are said to have worked for GRU Unit 74455, also known as Sandworm.

“These individuals were members of the criminal conspiracy responsible for the June 27 2017, destructive malware infection of computers in the United States and worldwide using malware known as NotPetya,” the State Department notice read.

“These cyber-intrusions damaged the computers of hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in western Pennsylvania, a large US pharmaceutical manufacturer, and other US private sector entities. The malicious cyber activities collectively cost these US entities nearly $1bn in losses.”

Back in October 2020, a federal grand jury indicted the six on counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers and aggravated identity theft.

Sandworm has been linked to destructive attacks on a Ukrainian power grid in the past and during the current hostilities. It was also pegged for the prolific Cyclops Blink botnet and its predecessor, VPNFilter.

Last year, the State Department offered a similarly sized reward for information leading to the identification and location of the leaders of the DarkSide ransomware group.

However, it’s unlikely any suspects will be brought to justice as long as they stay within Russia or other countries with no formal extradition treaty with the US.

What’s Hot on Infosecurity Magazine?