{ "id": "a702d967-60fc-478a-9548-575eae450e20", "created_at": "2026-04-06T00:08:03.776981Z", "updated_at": "2026-04-10T03:31:40.5141Z", "deleted_at": null, "sha1_hash": "bcc916e3135ba96a61af8d59da4f76d7e1fe33c4", "title": "U.S. offers $10 million reward for leaders of REvil ransomware", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 3795059, "plain_text": "U.S. offers $10 million reward for leaders of REvil ransomware\r\nBy Lawrence Abrams\r\nPublished: 2021-11-09 · Archived: 2026-04-05 18:28:08 UTC\r\nThe U.S. is offering up to $10 million for identifying or locating leaders in the REvil (Sodinokibi) ransomware operation,\r\nincluding $5 million leading to the arrest of affiliates.\r\nThis bounty is being offered as part of the Department of State's Transnational Organized Crime Rewards\r\nProgram (TOCRP), which rewards informants for information that leads to the arrest or conviction of individuals in\r\ntransnational organized crime groups.\r\nLike the reward offered for information on DarkSide ransomware members, the amount rewarded for information depends\r\non the person's role in the REvil/Sodinokibi operation.\r\nhttps://www.bleepingcomputer.com/news/security/us-offers-10-million-reward-for-leaders-of-revil-ransomware/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/us-offers-10-million-reward-for-leaders-of-revil-ransomware/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe Department of State is offering a reward of up to $10,000,000 for information leading to the identification or location of\r\nany individual holding a key leadership position in the Sodinokibi ransomware variant transnational organized crime group,\"\r\nthe Department of State announced today.\r\n\"In addition, the Department is offering a reward offer of up to $5,000,000 for information leading to the arrest and/or\r\nconviction in any country of any individual conspiring to participate in or attempting to participate in a Sodinokibi variant\r\nransomware incident.\r\nThe REvil ransomware gang is responsible for numerous high-profile attacks\r\nagainst Kaseya, JBS, Coop, Travelex, GSMLaw, Kenneth Cole, and Grupo Fleury.\r\nWhen ransomware gangs attempt to evade law enforcement, they commonly rebrand under a new name. For example,\r\nthe GandCrab operation rebranded as REvil in 2019 after they began receiving too much attention from the media and law\r\nenforcement.\r\nSimilarly, other ransomware operations have also rebranded in the past, including:\r\nDarkSide to BlackMatter\r\nMaze to Egregor\r\nBitpaymer to DoppelPaymer to Grief\r\nNemty to Nefilim to Karma\r\nAs the Department of Statement announcement states, \"Sodinokibi variant ransomware,\" this reward will also apply to new\r\nransomware operations created by the REvil gang in the future.\r\nToday was also filled with numerous announcements regarding the arrest and indictments of multiple REvil gang members.\r\nThese arrests included an REvil hacker linked to the Kaseya ransomware attack and the seizure of $6 million in\r\ncryptocurrency obtained through REvil ransom demands.\r\nTo further disrupt the financial operations of ransomware groups, the U.S. also announced sanctions against the Chatex\r\ncryptocurrency exchange for assisting ransomware gangs in laundering and cashing out ransom payments.\r\nhttps://www.bleepingcomputer.com/news/security/us-offers-10-million-reward-for-leaders-of-revil-ransomware/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/us-offers-10-million-reward-for-leaders-of-revil-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/us-offers-10-million-reward-for-leaders-of-revil-ransomware/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/us-offers-10-million-reward-for-leaders-of-revil-ransomware/" ], "report_names": [ "us-offers-10-million-reward-for-leaders-of-revil-ransomware" ], "threat_actors": [ { "id": "20c759c2-cd02-45bb-85c6-41bde9e6a7cf", "created_at": "2024-01-18T02:02:34.189827Z", "updated_at": "2026-04-10T02:00:04.721082Z", "deleted_at": null, "main_name": "HomeLand Justice", "aliases": [ "Banished Kitten", "Karma", "Red Sandstorm", "Storm-0842", "Void Manticore" ], "source_name": "ETDA:HomeLand Justice", "tools": [ "BABYWIPER", "BiBi Wiper", "BiBi-Linux Wiper", "BiBi-Windows Wiper", "Cl Wiper", "LowEraser", "No-Justice Wiper", "Plink", "PuTTY Link", "RevSocks", "W2K Res Kit" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434083, "ts_updated_at": 1775791900, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/bcc916e3135ba96a61af8d59da4f76d7e1fe33c4.pdf", "text": "https://archive.orkl.eu/bcc916e3135ba96a61af8d59da4f76d7e1fe33c4.txt", "img": "https://archive.orkl.eu/bcc916e3135ba96a61af8d59da4f76d7e1fe33c4.jpg" } }