The Biden administration announced a package of ransomware-fighting actions across the federal government Thursday morning, topped by a $10 million bounty on foreign state sponsored cybercrime.
That program, which falls under the State Department’s Rewards For Justice initiative, will offer the payout for information leading to the identification or location of any person running a cybercrime operation under the supervision or control of a foreign country.
“Commensurate with the seriousness with which we view these cyber threats, the Rewards for Justice program has set up a Dark Web (Tor-based) tips-reporting channel to protect the safety and security of potential sources,” the State Department said in a statement.
The Biden administration also announced an interagency ransomware task force, formalizing and centralizing discussions happening across various stakeholders across government, and the Cybersecurity and Infrastructure Security Agency launched stopransomware.gov, a website that collects ransomware advice.
The ransomware actions follow a tumultuous year for ransomware, where high-profile attacks against Colonial Pipeline and JBS interrupted critical supply chains and lead to other government actions, including executive orders and regulatory decrees. The recent Kaseya cyberattacks on managed service providers struck more than a thousand downstream businesses in a day.
The administration has not commented, in public or in private, about potential involvement in aspects of the REvil ransomware group’s infrastructure suddenly going offline this week, though experts caution it is not uncommon for criminal infrastructure to go offline on its own accord.