US authorities are offering $10 million for info on nation-state cyber-attacks
US authorities are offering around $10 million in cryptocurrency for information ultimately causing the identification of state-sponsored cyber-attackers.
Under the scheme, which takes place under the Department of State’s Rewards for Justice (RFJ) program, payouts is likely to be awarded for the identity or location of anyone who, “while acting at the direction or beneath the control of a foreign government, participates in malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).
A media release states that violations include threats made during ransomware attacks, unauthorized access to a protected computer with intention to steal sensitive data, and intentionally causing damage without authorization to a protected computer.
This system has setup a reporting channel accessible on the dark web to greatly help protect the safety and security of potential sources.
“Reward payments may include payments in cryptocurrency,” said the Department of State.
More info on how best to access the Tor-based reporting channel is found in the release.
In the pipeline
The offer of a reward comes whilst the US continues to experience cyber-attacks against critical infrastructure that have caused chaos throughout the nation.
In May this year, a ransomware attack on gas supplier Colonial Pipeline cut off services to multiple states on the east coast.
Attackers leveraging DarkSide malware demanded $4.3 million in bitcoin – a sum which was reportedly paid out by the company.
Security professionals previously told The Daily Swig that in paying ransoms, organizations risk perpetuating a “feedback loop of malicious activity” that “allows the groups to reach a greater degree of sophistication during their next attacks, whether that be via training, world market darknet (www.dom-ita.com) new tooling, purchasing credentials, or recruitment.