The United States Department of State is offering a reward of up to $10 million for information leading to the identification of anyone, working for a foreign government, who participates in a cybercriminal attack against American critical infrastructure.
According to Politico, federal agencies are not only being encouraged to promote the hardening of security at critical infrastructure companies, but are also being given approval for offensive action – “such as launching cyberattacks on ransomware operators.”
Of course, “hacking back” against a cybercriminal gang – state-sponsored or otherwise – is not the only action that agencies can take. In the past, the US authorities have sometimes proven themselves adept at disrupting ransomware operators by taking down servers and infrastructure, working closely with allies around the world, and finding ways to intercept ransomware payments.
But even if a ransomware gang does find its operations in disarray, it’s often not long before it re-emerges or others take its place.
A $10 million reward, however, might be enough to help some cybercriminals reconsider their allegiances, and share information with the US authorities.
With that in mind, the US government has created a method for those with information about malicious activity to reach out anonymously, and share information via a SecureDrop about hackers working at the direction of or under the control of a foreign government.
Tips can be left at the SecureDrop with a Tor browser at he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion/
Those less concerned about their anonymity can learn more on the Rewards for Justice website.
Meanwhile another website, stopransomware.gov, has been created by the US government to educate about the threat of ransomware, provide guidance on how to reduce the chances of an attack, and advise on how victims should report incidents to the authorities.
In recent days US President Joe Biden has increased pressure on Vladimir Putin to act against ransomware groups operating out of Russia.
At a briefing on the latest initiative, no mention was made of the recent outage of the REvil ransomware gang’s infrastructure.
There has been much speculation online as to whether REvil’s operations might have been disrupted following actions by the United States or closed due to pressure from the Kremlin, or whether the outage may be a signal that REvil has decided for itself to quit the ransomware scene due to increasing heat around the ransomware threat.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.