{
	"id": "d6d9e8a9-5f38-4195-9521-2793aa5211e6",
	"created_at": "2026-04-06T00:15:55.673227Z",
	"updated_at": "2026-04-10T03:26:47.13799Z",
	"deleted_at": null,
	"sha1_hash": "e191332a4fe40a16f001533fa160d1dddb3f4f63",
	"title": "US offers $15 million bounty for info on LockBit ransomware gang",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3796103,
	"plain_text": "US offers $15 million bounty for info on LockBit ransomware gang\r\nBy Sergiu Gatlan\r\nPublished: 2024-02-21 · Archived: 2026-04-05 14:12:31 UTC\r\nThe U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about\r\nLockBit ransomware gang members and their associates.\r\n$10 million is offered for information that could lead to locating or identifying LockBit leadership, and an extra $5 million is\r\navailable for tips that could lead to the apprehension of LockBit ransomware affiliates.\r\nThe U.S. Department of Justice linked the gang to over 2,000 victims and said it raked in more than $120 million after\r\nransom demands totaling hundreds of millions of dollars.\r\nhttps://www.bleepingcomputer.com/news/security/us-offers-15-million-bounty-for-info-on-lockbit-ransomware-gang/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/us-offers-15-million-bounty-for-info-on-lockbit-ransomware-gang/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nThe rewards are provided via the Transnational Organized Crime Rewards Program (TOCRP), with the U.S. government\r\nhaving already paid more than $135 million for helpful tips since 1986.\r\nThe State Department has a dedicated Tor SecureDrop server that can be used to anonymously submit tips on LockBit and\r\nother wanted threat actors.\r\nU.S. State Department Secure Drop page (BleepingComputer)\r\n\"The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or\r\nconviction of any individual participating in a LockBit ransomware variant attack and for information leading to the\r\nidentification and/or location of any key leaders of the LockBit ransomware group,\" U.S. 
State Department Spokesperson\r\nMatthew Miller said today.\r\n\"Since January 2020, LockBit actors have executed over 2,000 attacks against victims in the United States, and around the\r\nworld, causing costly disruptions to operations and the destruction or exfiltration of sensitive information.\r\n\"More than $144 million in ransom payments have been made to recover from LockBit ransomware events.\"\r\nLockBit down after law enforcement crackdown\r\nLockBit ransomware's infrastructure was seized this Tuesday after its dark web leak sites were taken down on Monday in a\r\nglobal law enforcement operation codenamed Operation Cronos that started months ago and was led by the U.K.'s National\r\nCrime Agency (NCA).\r\nPolice officials released a free LockBit 3.0 Black Ransomware decryptor on the 'No More Ransom' portal, developed using\r\nover 1,000 decryption keys retrieved from LockBit's seized servers.\r\nLockBit leak site after seizure (BleepingComputer)\r\nTwo LockBit affiliates were arrested in Poland and Ukraine, while French and U.S. judicial authorities issued three\r\ninternational arrest warrants and five indictments against other LockBit threat actors.\r\nThe U.S. Justice Department also unsealed two of the indictments this week against two Russian suspects, Artur Sungatov\r\nand Ivan Gennadievich Kondratiev (aka Bassterlord), charging them for their alleged involvement in LockBit attacks.\r\nIn total, police seized 34 LockBit servers worldwide and over 200 crypto-wallets used by the gang to collect ransom\r\npayments.\r\nLaw enforcement released additional information today on the group's dark web leak site, revealing that LockBit had\r\nemployed 188 affiliates over time. 
However, no details are available regarding the number of active affiliates at the time of\r\nthe crackdown.\r\nThe LockBit ransomware-as-a-service (RaaS) operation emerged in September 2019 and was the longest-running before\r\nbeing taken down this week.\r\nSince it surfaced, LockBit has claimed attacks on many large-scale and government organizations worldwide, including\r\nBoeing, the Continental automotive giant, the UK Royal Mail, and the Italian Internal Revenue Service.\r\nMost recently, Bank of America warned customers of a data breach after its Infosys McCamish Systems (IMS) service\r\nprovider got hacked in an attack claimed by LockBit.\r\nSource: https://www.bleepingcomputer.com/news/security/us-offers-15-million-bounty-for-info-on-lockbit-ransomware-gang/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/us-offers-15-million-bounty-for-info-on-lockbit-ransomware-gang/"
	],
	"report_names": [
		"us-offers-15-million-bounty-for-info-on-lockbit-ransomware-gang"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "0fc739cf-0b82-48bf-9f7d-398a200b59b5",
			"created_at": "2022-10-25T16:07:23.797925Z",
			"updated_at": "2026-04-10T02:00:04.752608Z",
			"deleted_at": null,
			"main_name": "LockBit Gang",
			"aliases": [
				"Bitwise Spider",
				"Operation Cronos"
			],
			"source_name": "ETDA:LockBit Gang",
			"tools": [
				"3AM",
				"ABCD Ransomware",
				"CrackMapExec",
				"EmPyre",
				"EmpireProject",
				"LockBit",
				"LockBit Black",
				"Mimikatz",
				"PowerShell Empire",
				"PsExec",
				"Syrphid"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434555,
	"ts_updated_at": 1775791607,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e191332a4fe40a16f001533fa160d1dddb3f4f63.pdf",
		"text": "https://archive.orkl.eu/e191332a4fe40a16f001533fa160d1dddb3f4f63.txt",
		"img": "https://archive.orkl.eu/e191332a4fe40a16f001533fa160d1dddb3f4f63.jpg"
	}
}