The US Department of State has announced a reward of $10 million for information that connects individuals affiliated with a group associated with Clop ransomware to a foreign government. The department shared this news through its Rewards for Justice initiative, which was established in 1984 to enhance national security by encouraging the reporting of details related to terrorism, cyber threats, North Korean activities, and election interference.
To raise awareness about this reward, the department used the hashtag #StopRansomware in its announcement. The posted message asks individuals whether they possess any information linking the Clop ransomware gang or other malicious cyber actors targeting critical US infrastructure to a foreign government. It urges them to share any tips they may have, as they may be eligible for the reward.
This development follows a recent successful campaign by the Clop group, wherein they targeted users of the widely used MOVEit managed file transfer service. Exploiting a previously unknown vulnerability in the software, the group claims to have gained access to data belonging to numerous organizations. Notable entities affected by this campaign include British Airways, Boots, the BBC, and various US government agencies. The Clop affiliate is attempting to extort money from these victims by threatening to publicly release the stolen data if the ransom demands are not met.
According to sources cited by the Federal News Network, tens of thousands of personal records belonging to US government workers may have been compromised as a result of this incident. However, the identities of most affected agencies have not yet been disclosed. The Department of Energy is the only agency that has been explicitly mentioned thus far, but it is expected that more will be revealed since MOVEit Transfer is widely used across multiple agencies.
In an effort to address concerns about national security, Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), stated that based on discussions with industry partners in the Joint Cyber Defense Collaborative, these intrusions do not appear to be part of a broader campaign to gain persistent access or steal highly sensitive information. She described the attack as largely opportunistic in nature.