The United States is offering $10 million rewards for information leading to the identification of cybercriminals after a series of ransomware attacks by hackers believed to be located in Russia.
The U.S. State Department said in a statement on July 15 that it would pay $10 million to anyone who can identify or locate a person who attacks U.S. critical infrastructure online “while acting at the direction or under the control of a foreign government.”
The rewards are part of an existing State Department program called Rewards for Justice. It will offer a dark web channel to help protect the safety of any tipsters. Possible relocation and reward payments by cryptocurrency may be available to eligible sources, it added.
U.S. officials have said that many of the recent ransomware attacks originate in Russia, but a link between the cybercriminals and the Russian government has not been established. Russia denies responsibility.
President Joe Biden raised cybersecurity last month in his summit with Russian President Vladimir Putin, and last week in a phone call urged Putin to “take action” against ransomware groups operating in Russia.
Biden told Putin that the United States will take “any necessary action” to defend Americans and critical infrastructure threatened by cyberattacks, the White House said.
The U.S. on July 15 also unveiled a website that offers guidelines to businesses, groups, and individuals on how to protect themselves and how to respond to attacks.
In another move, the Treasury Department’s Financial Crimes Enforcement Network said it would work on more rapid tracing of ransomware proceeds, which are paid in virtual currency.
The moves are an attempt to “bring all our tools to bear” against cyberattacks, Attorney General Merrick Garland said.
The most recent attack exploited a software product of U.S. company Kaseya and affected an estimated 1,500 businesses around the world. Other prominent ransomware attacks this year disrupted a major U.S. fuel pipeline and a Brazilian meat processor.
Some $350 million was paid to malicious cyberactors last year, a spike of 300 percent from 2019, according to the Department of Homeland Security.