“Financial incentive from government entities could be a crucial step in combating the wave of ransomware attacks from DarkSide and related groups. Bounties encourage collaboration and intelligence sharing, which increases jeopardy for the attacker and may cause them to think again.

This latest policy move, plus the administration's earlier executive orders (EOs) on the subject, show that federal cyber leaders are pushing for a more secure future for the U.S. Previous EOs have emphasised the importance of stronger multi-factor authentication and encryption, which we applaud. These are critical elements in an effective cybersecurity stack, but an overarching zero trust approach will take businesses’, government agencies’ and critical infrastructure organisations’ proactive protection to the next level. 

Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. Without a zero trust approach organisations run the risk of attackers having a free reign across a network once they are inside. If more security teams turn to this approach, fewer attacks and payments will need to be reported.”

 Neil Jones, Cybersecurity Evangelist, Egnyte

"The US government's $10 million reward for DarkSide leaders demonstrates the ability of ransomware to cripple global supply chains and grind business productivity to a halt. To put the size of that reward into perspective, the United States offered a $25 million reward for the capture of the late Osama bin Laden, which would be approximately $39 million today. I am particularly heartened by the US government's decision to offer $5 million for information that results in the arrest or conviction of those who perpetrate attacks that are powered by DarkSide's ransomware. To protect themselves, organisations should utilise ransomware detection technology, educate their employees about the danger of clicking on phishing emails and leverage Defense in Depth solutions such as Multi-Factor Authentication (MFA). The best ransomware payment is the one that your company never makes."

Steve Moore, chief security strategist, Exabeam

“This offer for bounty represents a continuation of a position made back in July 2021 on bug bounties – now it seems we have criminal adversary bounties. This is no different than a bounty on the head of a warlord or traditional criminal – just the cyber version. 

I believe that the Biden administration calls out DarkSide specifically due to their desire to manipulate the victim’s stock price and the additional stress it could represent on financial markets. In April of this year, they bragged about having access to companies who trade on NASDAQ and other exchanges. If payment isn’t received, they will release information before their earnings statements are made, allowing those ‘in the know’ to profit by shorting the stock.”

-- all ends --