US State Department Announces $10 Million Bounty for Information on Clop Ransomware Attacks - One2Call

In an intensified effort to combat cyber crime, the US State Department's Rewards for Justice (RFJ) programme has revealed a bounty of up to $10 million for information linking the recent Clop ransomware attacks to a foreign government. The announcement follows a wide range of disruptive cyber attacks launched by the Cyber Criminal and Ransomware Clop, which started last month and has resulted in the data of many large multinational businesses being stolen by exploiting a zero-day vulnerability in the MOVEit Transfer security file transfer platform. These attacks led to data breaches in potentially thousands of businesses, with data of hundreds of thousands of people being stolen, with the malicious threat actors threatening to publish the stolen information on the Dark Web unless a ransom is paid.

Rewards for Justice Programme

The RFJ programme, a longstanding initiative of the US Department of State, offers financial incentives for crucial intelligence about threats to US national security. Initially designed to gather information on terrorist activities, it has evolved to include cyber threats, addressing infamous groups such as the Conti ransomware operation, Russian Sandworm hackers, REvil ransomware, and the Evil Corp hacking group. The Clop ransomware group, which emerged in 2018 as a standard ransomware actor, has publicly claimed that its operations are solely financially driven, with no political interest. In the recent MOVEit attacks they have even gone as far as stating that all data gained from the attacks from government agencies had been deleted. However, the lack of verifiability has necessitated federal agencies to operate under the assumption that stolen data could be misused or fall into the hands of foreign governments.

Encouraging Insider Information

The RFJ programme aims to thwart further attacks by encouraging individuals, including potential insider threat actors, to submit valuable information about the Clop operation in exchange for a significant financial reward. To facilitate the process of tipping, the State Department has established a dedicated Tor SecureDrop server for the safe and secure submission of information about Clop and other cyber threat actors. It is hoped that this new development in the fight against cyber crime will generate valuable leads and help curb the activities of the Clop ransomware group, whose actions have been causing significant disruption and concern worldwide.

Cyber Security Solutions

Many Cyber Security specialist however have called into question the effectiveness of such programs in capturing cyber criminal groups or causing disruption to further Cyber Attacks. At One2Call we work with businesses across the UK to ensure that, regardless of where they come from, they are always protected from the latest cyber threats. We work to; understand your business, how you opporate, who has access to what and much more besides. We can help you put the best practices, policies and solution in place that will protect your business and its data from attack, now and into the future, through solution such as;

• Active Email Threat Protection: This Monitors your Email for Phishing and Targeted Attacks. Using advanced artificial intelligence tools, it is able to monitor for changes in language, brand impersonation attempts, malicious files, check links for legitimacy and much more.
• Endpoint Detection & Response: Compared to Traditional Signature Based Anti-Virus which can only monitor for known viruses, Endpoint Detection & Response uses Artificial Intelligence to monitor for unusual, suspicious or malicious activity on any of your endpoints/devices and stop it in its tracks.
• Dark Web Monitoring: Do you know what the Dark Web is? Do you know if any of your business account credentials could be available on the dark web for anyone to find and use to access your accounts? Our Dark Web monitoring service scours the Dark Web to find if your details have been leaked and notify us and you, so that we can work with you to help you secure your online accounts.
• Multi-Factor Authentication: MFA/2FA can secure you accounts against unauthorised access, even if your account details have been leaked on the dark web, without your unique 2FA/MFA code malicious threat actors can not access your accounts. We can work with your business to implement Multi-Factor Authentication across your accounts.
• Backups: A strong Backup Policy ensure that your business can recover from data loss or encryption attacks quickly and easily. Cyber Attackers have become smart to businesses using a comprehensive backup solution and in recent years have started to target these as part of their attacks, this is why we have implemented Immutable Backups. These backups are "Read Only" meaning that they can not be deleted or targeted as part of a cyber attack, ensuring that you always have a backup to recover from.
• MUCH more, including; Password Policies, Security Awareness Training, Patch Policy Management, SIEM/Log Management, Mobile Device Management & Security, Firewall & Encryption.