US feds offer $10M reward for info on Cl0p hackers


The Cl0p ransomware gang, responsible for the recent MOVEit vulnerability attacks, enters the digital Wild West, as the US State Department has promised informants a $10 million bounty for tips on gang members.

“Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting US critical infrastructure to a foreign government? Send us a tip,” the ad invited.

The Rewards for Justice program announced the bounty on its Twitter page.

Cl0p has recently been in the spotlight as the gang exploited a now-fixed flaw in MOVEit Transfer, a managed file transfer software product. The gang boasted of breaching hundreds of companies.

Last week, Cl0p started listing victims from the MOVEit exploit, including Shell Global.

The feds are offering money for intel that could help them identify or locate Cl0p-affiliated members or any other person who, “while acting at the direction or under the control of a foreign government,” attacks US critical infrastructure.

Who is the Cl0p ransomware gang?

The Russia-linked gang goes by different names. People in the cyber industry know the syndicate as TA505, Lace Tempest, Dungeon Spider, and FIN11. The reason behind the many names is simple – the gang is quite old. It was first observed in 2019 — a long time in the ever-changing ransomware landscape.

Like many other established players, Cl0p operates under the Ransomware-as-a-Service (RaaS) model, which means it rents the software to affiliates for a pre-agreed cut of the ransom payment.

The gang employs the “double-extortion” technique: it steals and encrypts victim data, then refuses to restore access and publishes the exfiltrated data on its data leak site if the ransom is not paid.

In 2021, Ukrainian law enforcement dealt the gang a major blow, leading to several arrests and the dismantling of the gang’s server IT infrastructure. The arrests eventually forced it to shut down operations from November 2021 to February 2022. However, the gang has been steadily recovering since then.