State Department to Pay Reward for Information on Cyber Threats to the Country’s Critical Infrastructure
The US Department of State is offering rewards of up to $10 million for information about cyber threats to the country’s critical infrastructure. Alongside this, the Department of Homeland Security and the Department of Justice released a website called StopRansomware, which is described as a central hub for consolidating anti-ransomware resources from all federal government agencies.
The reward money for cyber threat information is being administered through the State Department’s Rewards for Justice program, which is overseen by the Office of the Diplomatic Security Service. The money will be awarded “for information leading to the identification or location of any person who, while acting under the direction or control of a foreign government, participates in malicious cyber activities against critical US infrastructure in violation of the Fraud Act and Computer Abuse, 1986,” according to the State Department.
The Rewards for Justice program was created in the 1980s to help gather information that could be used to help counter the threats of terrorism. Now, the program is being expanded to offer cash rewards for information about attackers targeting or attempting to target critical infrastructure.
“Bylaw violations may include transmitting extortion threats as part of ransomware attacks; intentional unauthorized access to a computer or exceeding authorized access and thereby obtaining information from any protected computer; and knowingly cause the transmission of a program, information, code or command, and as a result of such conduct, intentionally cause unauthorized damage to a protected computer,” according to the State Department announcement.
The department has established a Tor-based darknet site to receive tips and confidential information. The US government has already created other financial incentives to try to obtain information about hacking groups backed by nation states that pose a threat, including a $5 million reward for details about cyber activity in North Korea. But without very promising results.
Focus on ransomware and Russia
The reward program comes as the Biden administration is trying to intensify responses to a series of ransomware attacks that have targeted critical US infrastructure in recent months, including the attack on the Colonial Pipeline pipeline, which provides fuel for about 45% from the east coast of the United States, and to JBS, the largest meat processor in the world, of Brazilian origin.
On the 2nd of this month, software developer Kaseya was hit by ransomware that infected about 60 managed service providers (MSPs) using the company’s Virtual System Administrator technology, as well as up to 1,500 customers of those MSPs. Russian-speaking hacker gang REvil is suspected to have been the author of this attack.
After the attacks on Kaseya, President Joe Biden spoke with Russian President Vladimir Putin on the 9th of this month and repeated the same demands he made during the G7 summit in Geneva, Switzerland: that the Russian government must crack down cybercriminal activity within its borders. Biden added that the US government is prepared to take “any action necessary to defend its people and its critical infrastructure in the face” of these attacks, according to an official statement made by the White House.