Months after a ransomware attack forced Colonial Pipeline to cease operations, the U.S. Department of State announced a $10 million (£7.26 million) bounty for intelligence about government-sponsored hackers who carried out malicious cyber activities against U.S. critical infrastructure.
The offering, which could benefit white hat hackers and threat hunters in the coming days, promises a bounty of up to £7.26 million to anyone who provides information identifying or locating a malicious actor engaged in targeting US critical infrastructure at the direction or under the control of a foreign government.
The offer, announced by the US State Department on Thursday, also requires that the hacking activities violate the Computer Fraud and Abuse Act (CFAA). Acts that are considered to be in violation of the law include “transmitting blackmail threats as part of ransomware attacks; intentional unauthorized access to a computer or violation of authorized access and thereby obtaining information from a protected computer; and knowingly causing the transmission of a program, information, code or command and, as a result of such behavior, willfully damaging a protected computer without authorization.”
“In keeping with the seriousness with which we view these cyber threats, the Rewards for Justice program has set up a dark web (Tor-based) tip reporting channel to protect the safety of potential sources. The RFJ program also works with cross-agency partners to enable rapid processing of information and the possible relocation and disbursement of rewards to sources. Reward payments can include payments in cryptocurrency,” the State Department said.
“We encourage anyone who has information about malicious cyber activity carried out in violation of the CFAA by actors acting at the direction or under the control of a foreign government against critical US infrastructure to contact the Rewards for Justice office via our Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required).”
Richard Walters, CTO of Censornet, commented on the first US government bounty to identify and locate state-sponsored hackers, telling TEISS that it was a significant reward that any ransomware hacker could turn around. However, it is difficult to determine whether the amount offered is sufficient to lure hackers away from the lucrative ransomware industry and get them to inform on their colleagues.
“Cyber criminals are masters of disguise and deception, so there is no guarantee that they will have any identifying information about their colleagues. Ransomware is also a lucrative business. Would hackers risk killing their golden goose by delivering an accomplice?” he said.
“When you pay a ransom, there is no guarantee that a cybercriminal will keep their promises and return your data. Can we really trust a hacker who informs about his colleagues? How can we guarantee they won’t lie or just go away with the money? We basically can’t.
“Hackers cannot be trusted in ransomware negotiations. For this reason, we recommend that you do not pay a ransom. It might be wise for the US State Department to take this into account when dealing with cyber informants,” he added.
On the same day the bounty was announced, the U.S. Department of Justice (DOJ) and Department of Homeland Security (DHS) also launched a new website called StopRansomware.gov as a one-stop shop for ransomware resources for individuals, businesses, and other organizations.
According to the DOJ, StopRansomware.gov is the first central hub that consolidates ransomware resources from all federal agencies. It provides guides, the latest alerts, updates, and resources related to ransomware attacks to individuals and businesses. This way, individuals and organizations don’t have to visit a multitude of websites for the latest information and alerts about ransomware threats.
“Like most cyberattacks, ransomware exploits the weakest link. Many small businesses still need to adequately protect their networks, and StopRansomware.gov will help these and many other organizations take simple steps to protect their networks and respond to ransomware incidents while enterprise-level IT teams provide the technical resources to reduce their ransomware risk,” said the department.