Reward Offers for Information to Bring Sodinokibi (REvil) Ransomware Variant Co-Conspirators to Justice
The Department of State is offering a reward of up to $10,000,000 for information leading to the identification or location of any individual holding a key leadership position in the Sodinokibi ransomware variant transnational organized crime group. In addition, the Department is offering a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a Sodinokibi variant ransomware incident.
The Sodinokibi ransomware group, also known as REvil, was responsible for the ransomware incident perpetrated against JBS Foods, a provider of agricultural products primarily to Australia and the United States, which caused a major disruption in food processing and delivery. Sodinokibi also compromised Kaseya, an IT management company that provides network, application, and infrastructure services to thousands of small businesses and managed service providers. The incident not only impacted Kaseya’s operations, but also those of its clients around the world. In offering this reward, the United States is demonstrating its commitment to protecting ransomware victims around the world from exploitation by cyber criminals, and to working with nations willing to bring those criminals to justice.
This reward is offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP). The Department manages the TOCRP in close coordination with our federal law enforcement partners as part of a whole of government effort to disrupt and dismantle transnational organized crime globally, including cybercrime. More than 75 transnational criminals and major narcotics traffickers have been brought to justice under the TOCRP and the Narcotics Rewards Program since 1986. The Department has paid more than $135 million in rewards to date.
This announcement complements U.S. Department of Justice actions and U.S. Department of the Treasury sanctions against two ransomware operators and a virtual currency exchange CHATEX.