The Cl0p ransomware gang, also known as TA505, Lace Tempest, Dungeon Spider, and FIN11, has entered a new phase of digital conflict as the US State Department offers a $10 million bounty for information on the gang’s members. The move comes after the gang exploited a recently patched vulnerability in MOVEit Transfer, a managed file transfer application, and claimed to have breached hundreds of companies, including Shell Global. In a Twitter announcement, the Rewards for Justice program invited anyone with information linking Cl0p, or other malicious cyber actors targeting US critical infrastructure, to foreign governments to come forward with tips. Cl0p, a Russia-linked group, has been a prominent player in the ransomware landscape since it was first observed in 2019.
Operating under the Ransomware-as-a-Service (RaaS) model, the gang rents its software to affiliates in exchange for a predetermined share of the ransom payments. Notably, Cl0p employs the “double-extortion” technique, stealing and encrypting victim data, and threatening to publish the exfiltrated data if the ransom is not paid. Despite facing setbacks in 2021, including arrests and the dismantling of its server infrastructure by Ukrainian law enforcement, Cl0p has gradually recovered and resumed its operations since February 2022.
The US government’s proactive stance in offering a substantial reward reflects the growing concern over cyber threats to critical infrastructure, with a specific focus on identifying and locating Cl0p-affiliated members or individuals acting under the control of foreign governments in such attacks. The digital Wild West analogy underscores the evolving nature of cyber conflicts and the need for robust measures to counteract cyber threats.