State Department Offering Millions in Reward Money for Info on Top Ransomware Hackers

The State Department on Monday announced rewards of up to $10 million for information related to the Sodinokibi/REvil ransomware crime group.

The announcement came after the Department of Justice released details earlier in the day about recent actions taken against two foreign nationals charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.

"Today, the Department of State through the Transnational Organized Crime Rewards Program (TOCRP) announced a reward offer of up to $10 million for information leading to the identification or location of any individual or individuals who hold key leadership positions in the Sodinokibi and REvil ransomware variant transnational organized crime group," State Department spokesperson Ned Price said during Monday's press briefing.

"The department is also offering a reward of up to $5 million for information leading to the arrest and or the conviction of any individual conspiring to participate in or attempting to participate in a Sodinokibi/REvil ransomware incident," Price added.

ned, price, state, department, press, briefing
State Department spokesperson Ned Price announced new rewards for information related to the Sodinokibi/REvil ransomware crime group. Above, Price speaks at the State Department on February 2. NICHOLAS KAMM/Pool/AFP/Getty Images

Since the group's first known ransomware attack in April 2019, it has "allegedly victimized more than 1,000 entities in multiple industry sectors," according to Price.

Along with private businesses, those entities include law enforcement agencies, government agencies and educational and medical institutions, he said.

Justice Department officials said Monday they had arrested Yaroslav Vasinskyi, a 22-year-old Ukrainian national, who is allegedly connected to the Sodinokibi/REvil ransomware. He allegedly helped carry out an attack on global IT provider Kaseya this past July, which infected the company's software before infecting more than a thousand companies that relied on Kaseya's product.

Vasinskyi was detained in Poland after recently traveling to Ukraine. American officials have requested that he be extradited to the U.S.

Along with Vasinskyi, the Justice Department announced charges against Yevgeniy Polyanin, a 28-year-old Russian national who is accused of conducting Sodinokibi/REvil ransomware attacks. One attack he was allegedly involved with occurred in Texas in 2019. The attack involved multiple victims, including businesses and government entities, in 22 different towns and cities simultaneously.

The Justice Department also said it had seized $6.1 million in funds traceable to alleged ransom payments received by Polyanin. The department noted that Polyanin is believed to be abroad.

"The United States remains committed to protecting all ransomware victims around the world from the exploitation of cybercriminals," according to Price. "In offering this reward, the United States is demonstrating its commitment to protecting ransomware victims around the world from exploitation by cybercriminals, and to working with nations willing to bring those criminals to justice."