Months after a ransomware attack forced Colonial Pipeline to shut operations, the U.S. State Department has announced a bounty of $10 million (£7.26 million) for information about state-sponsored hackers who are carrying out malicious cyber activities against U.S. critical infrastructure.
The offer, which could benefit White Hat hackers and threat hunters in the coming days, promises a bounty of up to £7.26 million to anyone who can offer information that leads to the identification or location of any malicious actor who is in the business of targeting U.S. critical infrastructure at the direction or under the control of a foreign government.
The offer, announced by the U.S. State Department on Thursday, also stipulates that the hacking activity should be in violation of the Computer Fraud and Abuse Act (CFAA). Acts that constitute violations under the law include “transmitting extortion threats as part of ransomware attacks; intentional unauthorized access to a computer or exceeding authorized access and thereby obtaining information from any protected computer; and knowingly causing the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causing damage without authorization to a protected computer.”
“Commensurate with the seriousness with which we view these cyber threats, the Rewards for Justice program has set up a Dark Web (Tor-based) tips-reporting channel to protect the safety and security of potential sources. The RFJ program also is working with interagency partners to enable the rapid processing of information as well as the possible relocation of and payment of rewards to sources. Reward payments may include payments in cryptocurrency,” the State Department said.
“We encourage anyone with information on malicious cyber activity, carried out against U.S. critical infrastructure in violation of the CFAA by actors at the direction of or under the control of a foreign government, to contact the Rewards for Justice office via our Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required).”
Commenting on the first-ever bounty offered by the U.S. government to identify and locate state-sponsored hackers, Richard Walters, CTO of Censornet, told TEISS that this is a significant reward that could turn the head of any ransomware hacker. However, it is difficult to establish if the offer amount is sufficient to lure hackers away from the lucrative ransomware industry and report on their colleagues.
“Cybercriminals are masters of disguise and subterfuge, so it’s not guaranteed that they are in possession of any identifying information about their colleagues. Also, ransomware is a profitable business. Would hackers risk killing their golden goose by turning in a partner in crime?” he said.
“When you pay a ransom, there’s no guarantee a cybercriminal will come good on their promises and hand back your data. Can we really trust a hacker who informs on their colleagues? How can we guarantee they won’t lie or simply disappear with the money? We can’t, basically.
“Hackers are not to be trusted when it comes to ransomware negotiations, which is one reason why we advise that they shouldn’t pay ransoms. It might be wise for the US State Department to consider this fact when dealing with cyber-informants,” he added.
On the same day the bounty was announced, the U.S. Department of Justice (DOJ) and the U.S. Department of Homeland Security (DHS) also launched a new website, named StopRansomware.gov, as a one-stop hub for ransomware resources for individuals, businesses, and other organisations.
According to the DOJ, StopRansomware.gov is the first central hub consolidating ransomware resources from all federal government agencies. It offers individuals and businesses guidance, the latest alerts, updates, and resources related to ransomware attacks. This way, individuals and organisations won’t have to visit a variety of websites to find the latest information and alerts about ransomware threats.
“Like most cyber attacks, ransomware exploits the weakest link. Many small businesses have yet to adequately protect their networks, and StopRansomware.gov will help these organisations and many more to take simple steps to protect their networks and respond to ransomware incidents while providing enterprise-level information technology (IT) teams the technical resources to reduce their ransomware risk,” the department said.