The State Department announced a $10 million reward[1] for any information about hackers working for foreign governments.
The measure is aimed squarely at those participating in "malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act." Officials said in a release that this included ransomware attacks targeting "critical infrastructure."
In addition to ransomware, the notice mentions a number of other cyber violations and notes that it applies to government computers as well as "those used in or affecting interstate or foreign commerce or communication."
Ransomware groups have made millions over the last two years attacking pipelines, manufacturers, hospitals, schools and local governments. While attacks on Colonial Pipeline[2] and major meat processor JBS[3] drew the biggest headlines, hundreds of healthcare institutions[4], universities[5] and grade schools[6] have suffered from damaging attacks. The DHS estimated that about $350 million[7] in ransom was paid to cybercriminals in 2020.
The reward program is run through the Diplomatic Security Service and has organized a "Dark Web (Tor-based) tips-reporting channel to protect the safety and security of potential sources."
"The RFJ program also is working with interagency partners to enable the rapid processing of information as well as the possible relocation of and payment of rewards to sources. Reward payments may include payments in cryptocurrency," the State Department said.
"More information about this reward offer is located on the Rewards for Justice website at www.rewardsforjustice.net[8]."
POLITICO reported on Wednesday[9] that the reward was part of a larger rollout of actions[10] the Biden Administration was taking to address ransomware attacks. A multi-agency ransomware task force has been created that will lead both