The U.S. Department of State is offering up to $10 million for any information leading to the identification or location of any individual who holds a "key leadership role" in the Sodinokibi ransomware group, also known as REvil.
In addition to the $10 million reward, the department is also offering up to $5 million for any information leading to the arrest and/or conviction of any individual, regardless of what country they live in, who has conspired to participate in a REvil ransomware attack, according to a department news release published on Monday.
REvil was linked to a ransomware attack targeting the world's largest meat processor, JBS SA, in late May, according to the FBI. Hackers targeted servers supporting JBS’s operations in North America and Australia. Production was disrupted for several days.
The "ransomware transitional organized crime group," as described by the State Department, was also allegedly responsible for a Fourth of July weekend attack that snarled businesses around the world through a breach of a Florida-based software company called Kaseya.
"The number of victims here is already over a thousand and will likely reach into the tens of thousands," cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said of the Fourth of July attack. "No other ransomware campaign comes even close in terms of impact."
Both rewards are being offered under the State Department’s Transnational Organized Crime Rewards Program (TOCRP), the news release said.
"The Department manages the TOCRP in close coordination with our federal law enforcement partners as part of a whole of government effort to disrupt and dismantle transnational organized crime globally, including cybercrime," according to the State Department.
The announcement of the hefty rewards comes on the same day that two suspected criminal hackers from REvil were charged by the U.S. Justice Department on Monday.
FILE - A man sits in front of three screens with text.
One was charged over an alleged connection to the meat processor hack and the other was allegedly connected to the Fourth of July hack, officials said.
Attorney General Merrick Garland and other top officials announced the charges against Ukrainian Yaroslav Vasinskyi and Russian Yevgeniy Polyanin, alleging that they are part of the ransomware gang. Officials said Vasinskyi was recently arrested in Poland and that the U.S. government had recovered $6.1 million in ill-gotten funds from Polyanin.
"The Justice Department is sparing no resource to identify and bring to justice anyone, anywhere who targets the United States with a ransomware attack," Garland said.
The Treasury Department also announced sanctions against the pair as well in what it said was a virtual currency exchange, Chatex, that the department said was used by ransomware gangs.
European law enforcement authorities also announced Monday that they had arrested two other suspected ransomware operators with links to REvil in Romania. They are among seven hackers suspected to have links to ransomware attacks that have targeted thousands of victims and have been arrested since last February as part of a global cybercrime crackdown, authorities said.
None of those arrested hackers were identified by name, but Europol said two suspected hackers believed to be linked to the ransomware gang known as REvil were arrested last week for involvement in attacks that yielded about $580,000 in ransom payments. Authorities in Kuwait arrested another accused hacker last week, and South Korean authorities have arrested three since last February. A seventh was arrested last month in Europe. The arrests were part of a law enforcement investigation called GoldDust that involved the U.S. and 16 other countries
The Associated Press contributed to this report.