US Offers $10m Reward For MOVEit Attackers

Written by

The US Department of State has offered a $10m reward for information linking members of a Clop affiliate responsible for a recent data extortion campaign to a foreign government.

Using the #StopRansomware hashtag, the department issued the announcement as part of its Rewards for Justice initiative. Launched in 1984, the program is designed to boost national security by soliciting information on terrorists, North Korean activity, cyber-threat actors and election interference.

Read more on Rewards for Justice: US Doubles Reward for Info on North Korean Hackers.

“Do you have info linking CloP ransomware gang or any other malicious cyber actors targeting US critical infrastructure to a foreign government?” the post reads. “Send us a tip. You could be eligible for a reward.”

The news follows a successful Clop campaign targeting users of the popular MOVEit managed file transfer service. After exploiting a zero-day vulnerability in the software, the group claim to have compromised data belonging to hundreds of organizations.

Alongside big brand names like British Airways, Boots and the BBC, several US government agencies are thought to have been caught in the campaign, in which the Clop affiliate is attempting to extort money from the victims, threatening to leak their stolen data if they don’t pay up.

Sources told the Federal News Network that tens of thousands of US government workers may have had their personal information compromised as a result.

However, the identity of most of the impacted agencies is yet to be made public. The Department of Energy is the only concrete name revealed so far, with one source telling the news site that more will follow, as MOVEit Transfer is used by many agencies.

However, director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, tried to diffuse national security concerns late last week.

“Based on discussions we’ve had with industry partners in the Joint Cyber Defense Collaborative, these intrusions are not being leveraged to gain broader access to gain persistence into targeted systems to steal specific, high value information,” she reportedly said.

“As we understand it, this attack is largely an opportunistic one.”

What’s hot on Infosecurity Magazine?