$10 Million Bounty Hunt
The $10 million award offer was made possible under the governments Rewards for Justice program, which is administered by the Diplomatic Security Service. The department is soliciting information that leads to the identification or location of “any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA)”. The Computer Fraud and Abuse Act criminalizes unauthorized computer intrusions and other forms of fraud related to computers. Over the years, the now 35-year-old act has been amended several times to cover the high-tech cybercriminal conduct we see today. If convicted, criminals face prison sentences of up to 20 years. Since its inception in 1984, the Rewards for Justice program has paid in excess of $200 million to more than 100 people across the globe. They provided actionable information that helped prevent terrorism, brought terrorist leaders to justice, and resolved threats to US national security.
Secure Dropoff of Information
As part of the bounty offer, officials specifically included ransomware attacks targeting critical infrastructure and criminals who knowingly transmit programs, code, or commands that intentionally causes damage to protected computers. Protected computers include devices belonging to government and financial institutions and computer systems affecting interstate or foreign commerce or communication. The department has asked anyone with information on this type of intrusions, or other malicious cyber operations targeted towards the US, to contact Rewards for Justice. Rewards for Justice has Signal, Telegram and WhatsApp tip lines and can engage with people in a variety of languages, not only English. Ethical hackers and informants can also contact Rewards for Justice via a secure tips line located on the dark web. The Tor-based tips-reporting channel can be found at he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required). Reward payments may include payments in cryptocurrency.
Ransomware Task Force
Earlier this week, the White House introduced their ransomware task force. This team consists of more than 60 experts from software companies, cybersecurity vendors, government agencies, non-for-profits, and academic institutions. Together, they developed a comprehensive framework to tackle ransomware attacks. As part of this initiative, the government also launched a new website, www.cisa.gov/stopransomware. In 2020, organizations paid approximately $350 million in ransoms to cybercriminals. This is an increase of more than 300% from the previous year. Further, there have already been multiple notable ransomware attacks in 2021. Some targeting critical infrastructure. Others attacking hospitals, police departments, schools, small businesses, and more. In May, a cyberattack paralyzed Colonial Pipeline. In April, unknown perpetrators gained unauthorized access to computer systems of the Washington DC Police. And, in February, cybercriminals attempted to manipulate drinking water in the US state of Florida. Moreover, attacks on small businesses often go unnoticed. This is despite the fact that they make up roughly 75% of all ransomware cases.