Multimillion-dollar rewards bolster White House anti-ransomware bid

21 July 2021, 11:05

Cybersecurity Ransomware Reward. Picture: PA

The money is being offered under the State Department’s Rewards For Justice programme.

The US State Department is offering rewards of up to 10 million US dollars (£7.2 million) for information leading to the identification of anyone engaged in foreign state-sanctioned malicious cyber activity against critical American infrastructure, including ransomware attacks.

The White House – which has launched a task force to co-ordinate efforts to stem the ransomware scourge – has also created the stopransomware.gov website, offering the public resources for countering the threat and building more resilience into networks, an official said.

Another measure being announced on Thursday to combat the ransomware onslaught is from the Financial Crimes Enforcement Network at the Treasury Department. This will engage banks, technology firms and other organisations on better anti-money-laundering efforts for cryptocurrency and more rapid tracing of ransomware proceeds, which are paid in virtual currency.

Officials are hoping to seize more extortion payments in ransomware cases, as the FBI did in recouping most of the 4.4 million US dollars (£3.2 million) ransom paid by Colonial Pipeline in May.

Ransomware scrambles entire networks of data, which criminals unlock when they get paid (Jenny Kane/AP)

The rewards are being offered under the State Department’s Rewards For Justice programme. It will offer a tips-reporting mechanism on the dark web to protect sources who might identify cyber attackers and/or their locations, and reward payments may include cryptocurrency, the agency said in a statement.

The official would not comment on whether the US government had a hand in Tuesday’s online disappearance of REvil, the Russian-linked gang responsible for a July 2 supply chain ransomware attack that crippled more than 1,000 organisations globally by targeting Florida-based software provider Kaseya. Ransomware scrambles entire networks of data, which criminals unlock when they get paid.

Cybersecurity experts say REvil may have decided to drop out of sight and rebrand under a new name, as it and several other ransomware gangs have done in the past to try to throw off law enforcement.

Another possibility is that Russian President Vladimir Putin actually heeded US President Joe Biden’s warning of repercussions if he did not rein in ransomware criminals, who enjoy safe harbour in Russia and allied states.

But this seems unlikely, given Kremlin spokesman Dmitry Peskov’s statement to reporters on Wednesday in which he said he was unaware of REvil sites disappearing.

“I don’t know which group disappeared where,” Mr Peskov said.

He added that the Kremlin deemed cybercrimes “unacceptable” and meriting of punishment, but analysts say they have seen no evidence of a crackdown by Mr Putin.

By Press Association