U.S. Offering $10 Million for Information on Six Russian Sandworm Hackers


The United States is offering up to $10 million for information that would lead to the location of six Russian Sandworm hackers responsible for the most destructive malware attack in 2017.

The U.S. Department of State announced the bounty and identified the six Russian hackers on Tuesday. They are Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin.

These six hackers work for the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 7445. Cybersecurity researchers believe that GRU unit 7445 is a notorious hacking group also known as Sandworm, Telebots, Voodoo Bear, and Iron Viking.


According to the U.S. State Department, these six Russian Sandworm hackers were involved in the NotPetya malware attack in the United States and worldwide on June 27, 2017. The cyberattack damaged the computer networks of U.S. entities, including the hospitals and other medical facilities in the Heritage Valley Health System in Pennsylvania. The U.S. entities infected by the NotPetya malware collectively suffered almost $1 billion in losses.

In October 2020, the U.S. Department of Justice (DOJ) filed a lawsuit against these six Russian Sandworm hackers after a federal grand jury found that they deployed the NotPetya malware to harm U.S. and international entities.

The DOJ charged these Russian Sandworm hackers with seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.


In November 2021, the State Department also offered a bounty of up to $10 million for tips leading to the identification or location of the leaders of the DarkSide transnational organized crime group.

DarkSide is a hacker group responsible for the ransomware attack on the Colonial Pipeline in May 2021. The cyberattack resulted in the temporary shutdown of the pipeline that carries 45% of fuel supplies on the East Coast. The shutdown caused fuel shortages, gas price increases, and panic buying.

Following the social problems caused by the ransomware attack, DarkSide apologized and clarified that it is not linked to any government and does not participate in geopolitics. The hacker group also stated that its “goal is to make money” and promised to “avoid social consequences in the future.”
