This is your homework…

Please ignore that this is on Campaign's website. I needed to find a place to upload this press release, and I have access to Campaign!

This is a press release that has come in for SC Media UK – a cyber security magazine, read by cyber security professionals.

Please turn this into a 125-word story with a headline and standfirst. Please file to by Monday November 22, 9.30am.

-- starts --

News broke last night that the U.S. government is offering up to $10 million for information that can help trace the leaders of the Russia-linked DarkSide ransomware group.

According to law enforcement, DarkSide was the culprit behind the ransomware attack on Colonial Pipeline earlier this year, leaving the company no choice but to pay the $4.4 million ransom. Another award of up to $5 million is available for information that results in the arrest of anyone attempting an attack using ransomware from DarkSide.

The news comes amid increased tensions between President Biden and Vladimir Putin as Russian hackers continue to breach U.S. organisations.

I thought you might be covering the news, so I’ve provided a selection of quotes from various cybersecurity experts to help you in your reporting. Let me know if you have any questions or would like to speak to any of these experts further.

---- quotes start –––

Danny Lopez, CEO, Glasswall

“Financial incentive from government entities could be a crucial step in combating the wave of ransomware attacks from DarkSide and related groups. Bounties encourage collaboration and intelligence sharing, which increases jeopardy for the attacker and may cause them to think again.

This latest policy move, plus the administration's earlier executive orders (EOs) on the subject, show that federal cyber leaders are pushing for a more secure future for the U.S. Previous EOs have emphasised the importance of stronger multi-factor authentication and encryption, which we applaud. These are critical elements in an effective cybersecurity stack, but an overarching zero trust approach will take businesses’, government agencies’ and critical infrastructure organisations’ proactive protection to the next level. 

Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. Without a zero trust approach organisations run the risk of attackers having a free reign across a network once they are inside. If more security teams turn to this approach, fewer attacks and payments will need to be reported.”

 Neil Jones, Cybersecurity Evangelist, Egnyte

"The US government's $10 million reward for DarkSide leaders demonstrates the ability of ransomware to cripple global supply chains and grind business productivity to a halt. To put the size of that reward into perspective, the United States offered a $25 million reward for the capture of the late Osama bin Laden, which would be approximately $39 million today. I am particularly heartened by the US government's decision to offer $5 million for information that results in the arrest or conviction of those who perpetrate attacks that are powered by DarkSide's ransomware. To protect themselves, organisations should utilise ransomware detection technology, educate their employees about the danger of clicking on phishing emails and leverage Defense in Depth solutions such as Multi-Factor Authentication (MFA). The best ransomware payment is the one that your company never makes."

Steve Moore, chief security strategist, Exabeam

“This offer for bounty represents a continuation of a position made back in July 2021 on bug bounties – now it seems we have criminal adversary bounties. This is no different than a bounty on the head of a warlord or traditional criminal – just the cyber version. 

I believe that the Biden administration calls out DarkSide specifically due to their desire to manipulate the victim’s stock price and the additional stress it could represent on financial markets. In April of this year, they bragged about having access to companies who trade on NASDAQ and other exchanges. If payment isn’t received, they will release information before their earnings statements are made, allowing those ‘in the know’ to profit by shorting the stock.”

-- all ends --