WASHINGTON -- Kremlin-backed hackers are growing bolder, but the international community is taking steps to stop them from wreaking havoc on companies, institutions and individuals around the world.
The United States announced a $10 million reward last Thursday (November 4) for help finding leaders of the high-profile ransomware gang DarkSide, marking authorities' latest move to combat spiking cyber-extortion attacks.
Washington blamed the Russia-based group for the online assault that forced the shutdown of the largest oil pipeline in the eastern United States in May.
Cyber-extortion heists involve breaking into a company or institution's network to encrypt its data, then demanding a ransom, typically paid via cryptocurrency in exchange for the digital key to unlock it.
"In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals," said a US State Department statement.
Washington also offered a $5 million bounty for information leading to the arrest or conviction in any country of anyone who tries to join in an attack with DarkSide.
Cyber crimes have been booming, with new data out in October showing that victims reported $590 million in ransomware-related payments to US authorities in the first half of 2021 alone.
The figure is also 42% higher than the amount divulged by financial institutions for all of 2020, the US Treasury report said, and there are strong indicators the true cost is likely in the billions.
Companies and institutions face intense pressure to pay up in order to retrieve their data but also to keep the attack secret from potentially angry clients and authorities who issue stern warnings not to give cash to criminals.
Cyberattacks on the rise
The bounty offer follows Microsoft's announcement that the state-backed Russian hacking group that carried out last year's massive SolarWinds cyberattacks is behind a new and ongoing assault against US and European targets.
Microsoft's Threat Intelligence Centre (MSTIC) October 25 said in a blog post that the Nobelium group was attempting to gain access to customers of cloud computing services and other information technology (IT) service providers to infiltrate "the governments, think tanks and other companies they serve".
Describing the cyberattack as "nation-state activity", MSTIC said it "shares the hallmarks" of the assault on SolarWinds, a Texas-based software company targeted as its 300,000-strong customer base gave the hackers access to a huge number of companies.
That attack went on for months before news agencies broke the story last December.
"It appears the widespread SolarWinds Russia-linked hackers from last year's attack are again on the hunt for sensitive data and stepping up supply chain attacks across the board," Daniel Ives, an analyst at Wedbush, a private investment firm, said in a note to investors.
Washington imposed sanctions in April and expelled Russian diplomats in retaliation for Moscow's alleged involvement in the SolarWinds affair, as well as election interference and other hostile activity.
The latest attack has been under way since at least May, MSTIC said, with Nobelium deploying a "diverse and dynamic toolkit that includes sophisticated malware".
It is not the first time Nobelium has mounted a comeback since SolarWinds, with Microsoft announcing in May that it had again detected a series of attacks by the group on government agencies, think tanks, consultants and other organisations.
The speed of the attacks is escalating, according to Microsoft Vice President Tom Burt, with the company notifying more than 600 customers this year of nearly 23,000 attempted intrusions.
While the success rate was only "in the low single digits", this compares to "attacks from all nation-state actors 20,500 times over the past three years", Burt said in a blog post published late October 24.