A joint Cybersecurity Advisory by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) has issued a series of protective measures to help reduce the impact of attacks being carried out by the CL0P Ransomware Gang.
The long-standing ransomware group, also known as TA505, is currently targeting a vulnerability in the MOVEit file transfer software (CVE-2023-3436), and has reportedly stolen data from underlying MOVEit Transfer databases.
Now, though, there is a reward up for grabs for anybody able to draw links between the gang and foreign governments.
CL0P bounty is announced
The US State Department Rewards for Justice Program announced in a Tweet:
“Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government? Send us a tip. You could be eligible for a reward.”
The US is most concerned about extortion threats, unauthorized access, and destruction relating to critical and protected infrastructure, including those used in or affecting interstate or foreign commerce or communication.
Rewards for Justice is welcoming any information via Signal, Telegram, WhatsApp, and its Tor-based tip line.
The supporting post details plans to make rewards of up to $10 million available to those able to provide “information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”
It also reports that “possible relocation and rewards payments by cryptocurrency may be available to eligible sources.”
While it is not known who is behind the group, its name is believed to be derived from the Russian word ‘klop,’ which means bedbug (via Sangfor). It is also believed that CL0P was behind Tasmanian Government attacks earlier this year.