It's not unusual for law enforcement agencies to offer substantial rewards for information which might lead to the identification, arrest, and conviction of cybercriminals.
For instance, we have seen a US $10 million reward for suspected LockBit ransomware mastermind Dmitry Yuryevich Khoroshev, a $2.5 million bounty offered for the arrest of a key person suspected of involvement with the Angler Exploit Kit, and a $10 million reward offered for information about the Russian military hackers implicated in the NotPetya attack, amongst many other examples.
So it probably didn't seem so strange that an array of cybersecurity news outlets announced last week that Europol was offering a reward of up to $50,000 for information about two senior members of the Qilin ransomware gang.
Unfortunately, it wasn't true.
As Bleeping Computer reports, a new Telegram channel called @europolcti was created earlier this month, and that is where the fake news of the $50,000 reward was posted, rather than on Europol's website or official social media accounts.
The text of the fake reward offer read in part:
During the course of ongoing international investigations, we have confirmed that the cybercriminal group Qilin has carried out ransomware attacks worldwide, severely disrupting critical infrastructure and causing significant financial losses.
The message continued by claiming that Europol had identified that the Qilin gang's primary administrators, who oversaw extortions and co-ordinated affiliates, used the online aliases "Haise" and "XORacle".
A reward of up to $50,000 is offered for information that directly leads to the identification or location of these administrators.
Now, that certainly would be news worth writing about if it were true (although, if I can be churlish, I view the size of the reward as not really being in the same league as other bounties offered in the past), but it has been confirmed as nonsense by Europol itself.
As with much of social media, it's easy for anyone to create an account claiming to be whoever they like. And if any posts they make happen to generate some traction, it can soon be the case that the news is multiplying and spreading uncontrolled around the world.
So, why exactly did someone post news of a fake bounty for information leading to members of the Qilin ransomware gang?
Well, a possible explanation might be found in a subsequent post on the channel from someone calling themselves "Rey":
This was so easy to run and fool so called 'Researchers' and 'Journalists' that just copy stuff.. Thank you all!
Europol's Qilin ransomware bounty may be nonsense. But the ransomware itself is a serious threat, and no laughing matter. Earlier this year, an official investigation linked an attack by Qilin against a UK NHS provider to a patient's death, as one of the factors that caused it.
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
May 16, 2025