Reward will be paid out in cryptocurrency
The US State Department has announced that it is offering up to $10 million for information that can help identify or locate state-sponsored threat actors involved in perpetrating cybercrime, such as ransomware, against critical US infrastructure.
Terming these activities as being in violation of the Computer Fraud and Abuse Act (CFAA), the reward will be dispensed through the State Department’s Rewards For Justice (RFJ) program.
A recent spike in extravagant malicious campaigns against critical US infrastructure led the country to treat such incidents as acts of terrorism, and the association with the RFJ program, conceptualized as a national security initiative, is a natural extension.
“Violations of the statute may include transmitting extortion threats as part of ransomware attacks; intentional unauthorized access to a computer or exceeding authorized access and thereby obtaining information from any protected computer; and knowingly causing the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causing damage without authorization to a protected computer,” reads the notice as it lists the acts it deems violate the CFAA.
Thinking like the enemy
To facilitate the flow of information, the RFJ has set up a tips-reporting channel on the dark web, capitalizing on its anonymous nature, same as the threat actors, to help to protect the safety and security of all potential sources.
Furthermore, the State Department informed that it is working with “inter-agency partners” to process the shared information in tips without delay.
It adds that the reward payments may include payments in cryptocurrency, once again showing its propensity to use the same tools employed by the perpetrators to turn the tables on them.