The U.S. government on Tuesday announced a sizeable reward for tips on a massive 2017 cyberattack that had a global impact.
The U.S. Department of State confirmed the $10 million reward in a press release, stating that it is seeking information that will lead to the location of six officers with the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) who carried out the 2017 NotPetya cyberattack. The group went by many names, including most notably the Sandworm Team.
The six officers are Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin. The State Department’s press release alleges that they “deployed destructive malware and took other disruptive actions for the strategic benefit of Russia through unauthorized access to victim computers.” The attack impacted cyberinfrastructure on a global scale, ranging from the U.S. to Ukraine.
The attack, carried out using a malware program known as NotPetya, began in June 27, 2017, and infected computer systems worldwide with the virus. In the U.S., the attack notably targeted the Heritage Valley Health System in western Pennsylvania. It also hit an unnamed “large U.S. pharmaceutical manufacturer” and other major institutions in the U.S. private sector, ultimately causing over $1 billion in losses.
In October 2020, a U.S. grand jury moved to indict the six GRU officers on charges pertaining to the attack, including counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers and aggravated identity theft.
The State Department said that tips can be submitted via the open-source browser Tor, which allows for anonymous communication and access to the “Dark Web.” The department provided a URL for the tip line, which requires the Tor browser for access.
“Commensurate with the seriousness with which we view these cyber threats, Rewards for Justice has set up a Dark Web (Tor-based) tips-reporting line to protect the safety and security of potential sources,” the Rewards for Justice page reads. “Possible relocation and rewards payments by cryptocurrency may be available to eligible sources.”
Officially known as Unit 74455, the six-man GRU team responsible for the attack also went by names like Telebots, Voodoo Bear and Iron Viking, in addition to the more well-known Sandworm Team. It was also responsible for a 2016 attack that took out portions of Ukraine’s power grid.
The reward for Sandworm Team is being offered as part of the State Department’s Rewards for Justice program. The department claims that the program has paid out over $200 million to over 100 individuals worldwide since its inception in 1984.