In response to the crippling ransomware attacks on major U.S. companies like Microsoft, Colonial Pipeline, and Kaseya, President Joe Biden’s administration has stepped up its crackdown on cybercriminals. For the first time, it has launched a financial rewards program offering up to $10 million in exchange for evidence about state-run hacking groups.
The official release said, “The U.S. Department of State’s Rewards for Justice (RFJ) program, which the Diplomatic Security Service administers, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”
According to the release, the Rewards for Justice Program has set up a Dark Web-based tips reporting channel to protect the identity of its sources. The sources may also be paid in cryptocurrency. The RFJ program includes an interagency team of cybersecurity experts, network engineers, system admins, and law enforcement agencies like the FBI to track ransomware groups, verify tips, and shut down rogue actors.
Ransomware attacks typically consist of a hacker gaining control of your computer and demanding a hefty sum from you in exchange for giving it back; in essence, holding your computer or network for ransom. While some hackers use phishing, others go to the extent of honey-trapping and then blackmailing vulnerable employees.
Cybercrime groups are generally privately funded and operate from countries with cordial relations with the United States. Countries like China, North Korea, and, to some extent, Russia fall in this category. Currently, REvil is one of the most profitable and successful ransomware groups in the world. It offers ransomware as a service and has made millions off it. Anyone with deep pockets can hire a ransomware group and destroy infrastructure networks across the world.
While the Colonial Pipeline attack that shut down gas pipelines is linked to the DarkSide hacking group, the goals are similar — money. The Colonial Pipeline attackers, for instance, demanded $5 million in ransom, which the oil supplier had to pay to regain access. The Department of Homeland Security estimates that cyber attackers netted nearly $350 million in 2020.
White House officials have indicated that ransomware attacks should be treated like acts of terror, a serious escalation in threat perception. The tip of the sword in this war is the Cybersecurity and Infrastructure Security Agency. It works with public and private teams to detect, avert, and prevent cyberattacks. The CISA recently appointed Jen Easterly, ex-Morgan Stanley, as its new chief after Christopher Krebs stepped down in November 2020. Easterly is a two-time Bronze Star recipient and has served in the U.S. Army for more than 20 years.
Interestingly, REvil’s operations went dark in July. Their dark and clear websites, shell site, ransom negotiation portals, servers, and all the rest of their infrastructure have gone offline. Cybersecurity researchers are pointing towards a government subpoena. Is this CISA’s first big victory?