The United States Department of State is offering a reward of up to $10 million for information leading to the identification of anyone, working for a foreign government, who participates in a cybercriminal attack against American critical infrastructure.
According to Politico, federal agencies are not only being encouraged to promote the hardening of security at critical infrastructure companies, but are also being given approval for offensive action – “such as launching cyberattacks on ransomware operators.”
Of course, “hacking back” against a cybercriminal gang – state-sponsored or otherwise – is not the only action that agencies can take. In the past, the US authorities have sometimes proven themselves adept at disrupting ransomware operators by taking down servers and infrastructure, working closely with allies around the world, and finding ways to intercept ransomware payments.
But even if a ransomware gang does find its operations in disarray, it’s often not long before it re-emerges or others take its place.
A $10 million reward, however, might be enough to help some cybercriminals reconsider their allegiances, and share information with the US authorities.
With that in mind, the US government has created a method for those with information about malicious activity to reach out anonymously, and share information via a SecureDrop about hackers working at the direction of or under the control of a foreign government.
Tips can be left at the SecureDrop with a Tor browser at he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion/
Those less concerned about their anonymity can learn more on the Rewards for Justice website.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/us-offers-10-million-reward-in-hunt-for-state-sponsored-ransomware-attackers/