Threat Management, Threat Management, Governance, Risk and Compliance

US offers $10 million for information on Russians involved in NotPetya attacks

U.S. Attorney for the Western District of Pennsylvania Scott Brady, right, accompanied by Assistant Attorney General for the National Security Division John Demers, left, speaks at a news conference at the Department of Justice on Oct. 19, 2020, in Washington to announce the indictment against six Russia GRU officers for whom the State Department is now offering a reward. (Photo by Andrew Harnik - Pool/Getty Images)

The U.S. Department of State’s Rewards for Justice is offering $10 million for information on six Russian intelligence agents involved in the 2017 NotPetya attacks.

GRU officers Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin were indicted in 2020 for the brutal, global malware event, though the group has not been extradited to the United States to stand trial. All six officers are from in the same GRU Unit, Unit 74455, colloquially known as "Sandworm."

In 2017, a wiper worm disguised as ransomware was distributed through a malicious update from the M.E.Doc accounting software widely used in Ukraine. The wiper, known as NotPetya due to similarities to the Petya ransomware, quickly escaped Ukrainian networks and ultimately caused billions of dollars in damage globally.

Describing the U.S. interest in bringing the six officers to justice in its announcement Tuesday, the State Department wrote: "These cyber intrusions damaged the computers of hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in western Pennsylvania, a large U.S. pharmaceutical manufacturer, and other U.S. private sector entities. The malicious cyber activities collectively cost these U.S. entities nearly $1 billion in losses."

While the Sandworm unit has been tied to the ongoing war in Ukraine, and while the six officers indicted were linked by the FBI to several other attacks — including hacking political campaigns in France and Georgia and the Olympic Destroyer malware — the State Department only mentions NotPetya in its announcement of a reward.

"We encourage anyone with information on these six individuals’ malicious cyberactivity to contact Rewards for Justice via the Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion", wrote the State Department.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.