DOJ Offers $10M Reward For Russian in Ukraine Cyberattack

The Department of Justice has offered a $10 million reward for information regarding a Russian man accused of distributing malware known as "WhisperGate" to destroy Ukrainian government computer systems and related data in advance of Russia's invasion.

The DOJ posted the reward for information on the FBI's Most Wanted board regarding the location or cybersecurity activity of Amin Timovich Stigal, 22, a Russian citizen who was charged Tuesday by a federal grand jury in Maryland with conspiracy to hack into and destroy computer systems and data. U.S. District Court in Maryland also issued an arrest warrant for Stigal, who remains at large.

"Amin Timovich Stigal attempted to leverage malware to aid the Russian military in the invasion of Ukraine," FBI Deputy Director Paul Abbate said Wednesday in a news release. "Today's indictment demonstrates the FBI's unwavering commitment to combat malicious cyber activities by our adversaries, and we will continue to work with our international partners to thwart attempts to undermine and harm our allies."

If convicted, Stigal faces a maximum penalty of five years in prison. The FBI's Baltimore field office is investigating the case.

Federal prosecutors said in the news release that in January 2022, Stigal and members of the Main Intelligence Directorate of the general staff of the Russian Federation conspired to use a U.S.-based company's services to distribute the "WhisperGate" malware to the computer systems of dozens of Ukrainian government entities and destroy those systems and related data in advance of the Russia's invasion on Feb. 24, 2022.

"WhisperGate" was designed to look like ransomware by first deleting the files on the targeted computers, and then producing a ransom note that demanded a payment of $10,000 in bitcoin to retrieve the data that had been wiped, The Washington Post reported.

Prosecutors said during the attack that sensitive data, including patient health records, were stolen and websites were defaced to read: "Ukrainians! All information about you has become public, be afraid, and expect the worst. This is for your past, present, and future."

That same day, prosecutors said the hacked data was offered for sale on the internet. The suspects' goal was to sow concern among the broader Ukrainian population regarding the safety of government systems and data.

In August 2022, prosecutors said Stigal and Russian intelligence also hacked the transportation infrastructure of a Central European country that was supporting Ukraine. The name of the country was not revealed. Prosecutors alleged that from Aug. 5, 2021, through Feb. 3, 2022, the same computer infrastructure used in the Ukraine-related attacks was used to probe computers belonging to a federal government agency in Maryland.

The activity included the probing of U.S. government websites hosted by protected computers 63 times, the Post reported, citing court documents. The indictment did not say whether the probing of U.S. systems in Maryland was successful.