The State Department announced Tuesday that it is offering a reward of up to $10 million for information leading to six Russian intelligence hackers responsible for the infamous 2017 NotPetya malware.
That malware knocked out Chernobyl’s radiation monitoring system and did more than $1 billion in damage to a number of U.S. organizations, according to a federal indictment.
The reward is part of the State Department’s Rewards for Justice program and extends beyond just the six Russian intelligence hackers responsible for NotPetya to “any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure.”
But the six officers of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) who were the architects of NotPetya malware are the focus of the State Department announcement. It noted that the malware damaged the computers of hospitals and other medical facilities in western Pennsylvania, a large U.S. pharmaceutical manufacturer and other U.S. private sector entities.
The State Department identified the suspects as GRU officers Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin, calling them “members of a conspiracy that deployed destructive malware and took other disruptive actions for the strategic benefit of Russia through unauthorized access to victim computers.” The men operated inside the Sandworm unit of Russian intelligence, known as an unusually skilled hacking collective.
The Rewards for Justice program has paid in more than $200 million to more than 100 tipsters across the globe since it launched in 1984.
In February, the program announced a $10 million reward for information on two Iranian hackers who allegedly worked on state-sponsored cyber operations meant to interfere with the 2020 U.S. presidential election. The State Department has posted similar bounties for information about ransomware groups REvil and DarkSide.
Anyone with information on the suspects can report it via the State Department’s Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion. A Tor browser is required.