BOSTON (AP) — The State Department will offer rewards up to $10 million for information leading to the identification of anyone engaged in foreign state-sanctioned malicious cyber activity, including ransomware attacks, against critical U.S. infrastructure. A task force set up by the White House will coordinate efforts to stem the ransomware scourge.
The Biden administration is also out with a website, stopransomware.gov, that offers the public resources for countering the threat and building more resilience into networks, a senior administration official told reporters.
The rewards come from the State Department’s Rewards for Justice program. It will offer a tips-reporting mechanism on the dark web to protect sources who might identify cyber attackers and/or their locations, and reward payments may include cryptocurrency, the agency said in a statement.
The administration official would not comment on whether the U.S. government had a hand in Tuesday’s online disappearance of REvil, the Russian-linked gang responsible for a July 2 supply chain ransomware attack that crippled well over 1,000 organizations globally by targeting Florida-based software provider Kaseya. Ransomware scrambles entire networks of data, which criminals unlock when they get paid.
Cybersecurity experts say REvil may have decided to drop out of sight and rebrand under a new name, as it and several other ransomware gangs have done in the past to try to throw off law enforcement.
Another possibility is that Russian President Vladimir Putin actually heeded President Joe Biden’s warning of repercussions if he didn’t rein in ransomware criminals, who enjoy safe harbor in Russia and allied states.
The last one doesn’t seem likely.