{
	"id": "3e0d76c0-998d-48a8-8edf-577e98a100a5",
	"created_at": "2026-04-06T00:19:32.256319Z",
	"updated_at": "2026-04-10T03:30:30.538502Z",
	"deleted_at": null,
	"sha1_hash": "e0e4dd08423d8ede87bcd89f49009c4b15c9f85a",
	"title": "US govt offers $10 million bounty for info on Clop ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 4704593,
	"plain_text": "US govt offers $10 million bounty for info on Clop ransomware\r\nBy Lawrence Abrams\r\nPublished: 2023-06-17 · Archived: 2026-04-05 15:25:14 UTC\r\nThe U.S. State Department's Rewards for Justice program announced up to a $10 million bounty yesterday for information\r\nlinking the Clop ransomware attacks to a foreign government.\r\n\"Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting U.S. critical infrastructure\r\nto a foreign government? Send us a tip. You could be eligible for a reward,\" tweeted the Rewards for Justice Twitter account.\r\nRewards of Justice (RFJ) is a U.S. Department of State program that offers monetary rewards for information on threat\r\nactors and attacks impacting the national security of the USA.\r\nhttps://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nInitially launched to gather information on terrorists targeting U.S. interests, the program has since expanded to include\r\ninformation on cyber criminals, such as the Conti ransomware operation, Russian Sandworm hackers, REvil ransomware,\r\nand the Evil Corp hacking group.\r\nData breaches at U.S. federal agencies\r\nThis new RFJ bounty comes after the Clop ransomware conducted data-theft attacks on companies worldwide using a zero-day vulnerability in the MOVEit Transfer security file transfer platform.\r\nThe attacks started on May 27th, over the long U.S. Memorial Day holiday, with the Clop ransomware gang claiming to\r\nhave stolen data from hundreds of companies.\r\nThis week, Clop began extorting companies by listing their names on a data leak site, promising to start leaking data if a\r\nransom was not paid.\r\nClop message on MOVEit Transfer attacks\r\nAt the same time, CNN first reported that numerous federal agencies, including The Department of Energy, were breached\r\nduring these attacks, with data likely stolen.\r\nThe Clop threat actors told BleepingComputer earlier this month that any data stolen from governments was immediately\r\ndeleted. They reiterated these claims this week in a message on their Tor data, saying they are only financially motivated and\r\nare not interested in politics.\r\n\"We got a lot of emails about government data, we don't have any government data and anything directly residing on\r\nexposed and bad protected not encrypted file transfer we still do the polite thing and delete all,\" reads a message on the Clop\r\ndata leak site.\r\nWhile the threat actors claim to be deleting any data stolen from governments, there is no way to determine if this actually\r\ntakes place. \r\nhttps://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware/\r\nPage 3 of 4\n\nTherefore, federal agencies must make the assumption that stolen data could be abused or potentially acquired by foreign\r\ngovernments.\r\nThe Rewards for Justice program hopes to prevent future attacks by enticing people, including other threat actors who may\r\nhave information about the Clop operation, to submit tips for a million-dollar reward.\r\nTo submit a tip, the State Department has set up a dedicated Tor SecureDrop server that can be used to submit information\r\non Clop and other threat actors.\r\nH/T vx-underground\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware/"
	],
	"report_names": [
		"us-govt-offers-10-million-bounty-for-info-on-clop-ransomware"
	],
	"threat_actors": [
		{
			"id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df",
			"created_at": "2023-01-06T13:46:38.402513Z",
			"updated_at": "2026-04-10T02:00:02.959797Z",
			"deleted_at": null,
			"main_name": "Sandworm",
			"aliases": [
				"IRIDIUM",
				"Blue Echidna",
				"VOODOO BEAR",
				"FROZENBARENTS",
				"UAC-0113",
				"Seashell Blizzard",
				"UAC-0082",
				"APT44",
				"Quedagh",
				"TEMP.Noble",
				"IRON VIKING",
				"G0034",
				"ELECTRUM",
				"TeleBots"
			],
			"source_name": "MISPGALAXY:Sandworm",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7bd810cb-d674-4763-86eb-2cc182d24ea0",
			"created_at": "2022-10-25T16:07:24.1537Z",
			"updated_at": "2026-04-10T02:00:04.883793Z",
			"deleted_at": null,
			"main_name": "Sandworm Team",
			"aliases": [
				"APT 44",
				"ATK 14",
				"BE2",
				"Blue Echidna",
				"CTG-7263",
				"FROZENBARENTS",
				"G0034",
				"Grey Tornado",
				"IRIDIUM",
				"Iron Viking",
				"Quedagh",
				"Razing Ursa",
				"Sandworm",
				"Sandworm Team",
				"Seashell Blizzard",
				"TEMP.Noble",
				"UAC-0082",
				"UAC-0113",
				"UAC-0125",
				"UAC-0133",
				"Voodoo Bear"
			],
			"source_name": "ETDA:Sandworm Team",
			"tools": [
				"AWFULSHRED",
				"ArguePatch",
				"BIASBOAT",
				"Black Energy",
				"BlackEnergy",
				"CaddyWiper",
				"Colibri Loader",
				"Cyclops Blink",
				"CyclopsBlink",
				"DCRat",
				"DarkCrystal RAT",
				"Fobushell",
				"GOSSIPFLOW",
				"Gcat",
				"IcyWell",
				"Industroyer2",
				"JaguarBlade",
				"JuicyPotato",
				"Kapeka",
				"KillDisk.NCX",
				"LOADGRIP",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"ORCSHRED",
				"P.A.S.",
				"PassKillDisk",
				"Pitvotnacci",
				"PsList",
				"QUEUESEED",
				"RansomBoggs",
				"RottenPotato",
				"SOLOSHRED",
				"SwiftSlicer",
				"VPNFilter",
				"Warzone",
				"Warzone RAT",
				"Weevly"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434772,
	"ts_updated_at": 1775791830,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e0e4dd08423d8ede87bcd89f49009c4b15c9f85a.pdf",
		"text": "https://archive.orkl.eu/e0e4dd08423d8ede87bcd89f49009c4b15c9f85a.txt",
		"img": "https://archive.orkl.eu/e0e4dd08423d8ede87bcd89f49009c4b15c9f85a.jpg"
	}
}