U.S. Government sets up ransomware task force, offers $10 million reward for info

The U.S. Government has set up a cross-agency ransomware task force, a hub for ransomware resources, and is offering $10 million for information on state-sponsored cyber attackers.

“Ransomware is a long-standing problem and a growing national security threat. Tackling this challenge requires collaboration across every level of government, the private sector and our communities,” the U.S. Department of Justice said in the announcement.

“Roughly $350 million in ransom was paid to malicious cyber actors in 2020, a more than 300% increase from the previous year. Further, there have already been multiple notable ransomware attacks in 2021, and despite making up roughly 75% of all ransomware cases, attacks on small businesses often go unnoticed.”

The new hub integrates ransomware resources from all U.S. federal government agencies into a single platform that includes guidance on how to report attacks and the latest ransomware-related alerts and threats from the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret Service, the DOJ’s FBI, the Department of Commerce’s National Institute of Standards and Technology (NIST), and the Departments of the Treasury and Health and Human Services.

A $10 million reward for info on state-sponsored cyber attackers

Simultaneously, the U.S. Department of State announced that it’s offering a reward of up to $10 million “for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”

These violations include:

  • Transmitting extortion threats as part of ransomware attacks
  • Intentional unauthorized access to a computer or exceeding authorized access and thereby obtaining information from any protected computer, and
  • Knowingly causing the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causing damage without authorization to a protected computer.

“We encourage anyone with information on malicious cyber activity, carried out against U.S. critical infrastructure in violation of the CFAA by actors at the direction of or under the control of a foreign government, to contact the Rewards for Justice office via our Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required),” the announcement said.

Aaron Portnoy, Pwn2Own architect and Principal Scientist at Randori, noted that attribution will be the most difficult part of claiming such a bounty, as it requires the identified party to be a state entity rather than a given ransomware group.

“It’s widely suspected that the most prolific of these groups are not operating directly under the direction of their host governments, but rather with tacit approval or indifference. Those with the ability to actually tie a given ransomware attack to a nation state are likely to be those with privileged information within the government under scrutiny, which of course comes with its own complications and potential fallout from disclosing such details. I suspect we won’t see many claimants, even if a bounty is collected, for fear of retribution. This move is more of an incentive to recruit foreign informants than your everyday internet sleuths.”

A ransomware task force

These announcements come a few days after reports of a new(ish) cross-government task force established to coordinate the fight against ransomware.

“With the task force’s oversight, federal agencies are taking actions such as promoting digital resilience among critical infrastructure companies, working to halt ransom payments made through cryptocurrency platforms and coordinating activities with U.S. allies,” Politico’s Eric Geller reported.

The Biden administration is apparently also mulling over the possibility of “launching disruptive cyberattacks on hacker gangs”, as well as working on setting up partnerships with private sector organizations (including cyber insurance providers and critical infrastructure companies) to engage in sharing information about ransomware attacks.

Andy Bennett, VP of Technology and CISO at Apollo Information Systems, says that the question now is what’s next.

“How will they include the private sector? How will they go beyond the beltway and functions of the federal government, and enable and empower the whole country? Protecting the government is critical, but arguably more damage is done, and is able to be done, by targeting businesses of all sizes and across all sectors. This is a great first step, but it is just the first of many to confront the whole of the problem,” he explained.

“It is a really good sign that the task force is offering such significant incentives for information that leads to shutting down these ransomware groups, but it begs the question of where else they should, could, and will invest in helping. There are thousands of underfunded schools and agencies across the nation, as well as mom-and-pop shops and small businesses, that are still completely unprepared and unable to deal with cyber issues.”

He also notes that collaboration between agencies is critical for developing a strategy and combining expertise to fight the current epidemic of ransomware attacks.

“Unlike conventional terrorism, cyberattacks and the means to counter them are not unique to government. It would be preposterous to think of putting anti-aircraft guns on the roof of every skyscraper, but the cybersecurity equivalent is exactly what is needed in every agency, school, and company across the country. This task force is absolutely worthwhile and, if done right, will have significant impacts in improving efforts to combat and build resilience to ransomware for all areas of government,” he concluded.