US offering $10 million for info on Russian military hackers accused of NotPetya attacks

The U.S. State Department announced a $10 million reward Tuesday for information about six hackers working within the GRU, Russia’s foreign military intelligence agency.

The six — all of them tied to the infamous “Sandworm” hacking group — were implicated in the creation and propagation of the NotPetya malware in charges filed by the Justice Department in 2020.

U.S. officials previously said NotPetya caused $10 billion worth of damage worldwide but noted in a release on Tuesday that the malware collectively cost U.S. organizations nearly $1 billion in losses.

GRU officers Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin are listed in the notice and are accused of violating the Computer Fraud and Abuse Act (CFAA) through attacks on U.S. critical infrastructure. 

“These individuals were members of the criminal conspiracy responsible for the June 27, 2017, destructive malware infection of computers in the United States and worldwide using malware known as NotPetya,” the State Department said. “These cyber intrusions damaged the computers of hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in western Pennsylvania, a large U.S. pharmaceutical manufacturer, and other US private sector entities.”

The DOJ has previously said that NotPetya crippled Heritage Valley’s two hospitals, 60 offices, and 18 community satellite facilities, keeping hospital officials from accessing patient histories, exam files and lab records. 

The hospitals had no access to computer systems connected to cardiology, nuclear medicine, radiology, and surgery departments for a week, and their administrative systems were down for nearly a month. 

The six GRU members worked within Unit 74455, which is also known by some researchers as Voodoo Bear, Telebots and Iron Viking. 

In 2020, they were charged with a range of offenses connected to attacks on Ukraine, Georgia, France and South Korea.

In addition to NotPetya, the group used destructive malware like KillDisk and Industroyer to cause blackouts in Ukraine. They also…