The U.S. Department of State’s Rewards for Justice is offering $10 million for information on six Russian intelligence agents involved in the 2017 NotPetya attacks.
GRU officers Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin were indicted in 2020 for the brutal, global malware event, though the group has not been extradited to the United States to stand trial. All six officers are from in the same GRU Unit, Unit 74455, colloquially known as "Sandworm."
In 2017, a wiper worm disguised as ransomware was distributed through a malicious update from the M.E.Doc accounting software widely used in Ukraine. The wiper, known as NotPetya due to similarities to the Petya ransomware, quickly escaped Ukrainian networks and ultimately caused billions of dollars in damage globally.
Describing the U.S. interest in bringing the six officers to justice in its announcement Tuesday, the State Department wrote: "These cyber intrusions damaged the computers of hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in western Pennsylvania, a large U.S. pharmaceutical manufacturer, and other U.S. private sector entities. The malicious cyber activities collectively cost these U.S. entities nearly $1 billion in losses."
While the Sandworm unit has been tied to the ongoing war in Ukraine, and while the six officers indicted were linked by the FBI to several other attacks — including hacking political campaigns in France and Georgia and the Olympic Destroyer malware — the State Department only mentions NotPetya in its announcement of a reward.
"We encourage anyone with information on these six individuals’ malicious cyberactivity to contact Rewards for Justice via the Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion", wrote the State Department.