The Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to the identification or location of six Russian hackers responsible for the 2017 NotPetya malware infection.
Broadly, the RFJ program said it’s offering the reward of up to $10 million “for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”
More specifically, RFJ said it is seeking information on six officers of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) for their alleged roles in a criminal conspiracy involving malicious cyber activities affecting U.S. critical infrastructure.
The six hackers – all of them Russian nationals and officers in Unit 74455 of the GRU – cost U.S. entities nearly $1 billion in losses due to their malicious cyber activities, according to a press release.
The State Department said the six hackers are GRU officers Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin.
“These individuals were members of the criminal conspiracy responsible for the June 27, 2017, destructive malware infection of computers in the United States and worldwide using malware known as NotPetya,” the release says. “These cyber intrusions damaged the computers of hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in western Pennsylvania, a large U.S. pharmaceutical manufacturer, and other U.S. private sector entities.”
The Department of Justice indicted the six hackers in October 2020, alleging that they utilized “some of the world’s most destructive malware to date.” The hackers were charged with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.
Anyone with information on the six hackers is encouraged to contact RFJ via the Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion. A Tor browser is required.