Agencies Unveil Plans to Fight Ransomware—Including Paying for Tips

Federal agencies are coming together on a number of efforts to combat ransomware, including an announcement that millions of dollars are available for tipsters through a State Department program established to pursue terrorists. 

“The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA),” State said Thursday.

The move could have implications for the Treasury Department, which is reportedly looking to work with insurance companies that have made increasingly large ransomware payouts, according to an administration official.

The Rewards for Justice program was set up for reports of terrorism. State is expanding its purview to include cyberattacks as Treasury considers whether those should be covered under a program it started to incentivize insurance companies to issue policies following the attacks of September 11. The Government Accountability Office is also reviewing the suitability of such action.

State is also making the rewards program amenable to payments in cryptocurrency, in the interest of protecting sources who report on state-sponsored cyber crime.

“Commensurate with the seriousness with which we view these cyber threats, the Rewards for Justice program has set up a Dark Web (Tor-based) tips-reporting channel to protect the safety and security of potential sources,” State’s release reads. “The RFJ program also is working with interagency partners to enable the rapid processing of information as well as the possible relocation of and payment of rewards to sources. Reward payments may include payments in cryptocurrency.”

But pseudonymous cryptocurrencies also provide a way for ransomware criminals to hide their identity and Treasury is reportedly working to gain more visibility into the ransomware ecosystem through a G7 financial task force on standardizing virtual currencies.

On Thursday federal agencies also launched a website in an attempt to streamline access to resources and reports of ransomware to those agencies.

“StopRansomware.gov reduces the fragmentation of resources, which is especially detrimental for those who have become victims of an attack, by integrating federal ransomware resources into a single platform that includes clear guidance on how to report attacks, and the latest ransomware-related alerts and threats from all participating agencies,” according to press releases from the departments of Homeland Security and Justice. “StopRansomware.gov includes resources and content from DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret Service, the Department of Justice’s Federal Bureau of Investigation (FBI), the Department of Commerce’s National Institute of Standards and Technology (NIST), and the Departments of the Treasury and Health and Human Services.”