$10 Million Reward Offered for Information on Ransomware Attacks
Biden makes a new push in fight against ransomware, including a $10 million award.
The State Department’s new initiative to thwart ransomware attacks includes tracing cryptocurrency payments, as was done in the Colonial Pipeline attack. Credit: Joshua Roberts/Reuters
The Biden administration is making a new push to disrupt ransomware attacks on American companies, offering a $10 million reward for information that leads to the arrest of the gangs behind the extortion schemes and attempting to make it easier to trace and block cryptocurrency payments, administration officials said Thursday.
The announcements come as the White House prepares to release a broader strategy, combining better defenses and an effort to disrupt the ransomware operations, in coming weeks.
An increasingly brazen spate of ransomware attacks has become a complex test for Mr. Biden, who has declared that the hacks, many emanating from Russia, are a national security threat. Administration officials say Mr. Biden is conscious of the need both to avoid an escalating series of actions that could damage both nations, and to protect critical American infrastructure.
In describing the new efforts on Thursday, administration officials declined to comment on what happened to REvil, the Russian-language ransomware group that suddenly went silent early Tuesday, as its sites on the dark web disappeared. It is still unclear whether that was the result of American or Russian action, or the group itself taking a lower profile, but it came just days after Mr. Biden called President Vladimir V. Putin and said that if he didn’t rein in the groups, which are continuing to attack American targets, he would.
Outside experts say that based on the evidence they have so far, they believe it is more likely the group shuttered its operations — perhaps only temporarily — under Russian pressure.
The rewards program, which was announced by the State Department, taps into the same kinds of incentives that have been used in the past to pursue terrorism suspects and drug cartel members. The White House is also organizing a task force to deal with ransomware, combining the resources of intelligence agencies, the Treasury Department, the F.B.I. and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
The White House also announced the creation of a website that is intended as a one-stop location to report attacks, and to learn about improving resilience — including setting up elaborate, offline backup systems for data that would obviate the need to pay ransom if a firm’s data is locked up.
Senator Angus King, the Maine independent, said after a briefing on the new initiative that it starts with “disruption, promoting resilience, and cyber hygiene,” referring to basic steps like two-factor authentication that make it harder for most standard ransomware attacks to succeed.
A key element of that initiative is to trace ransomware payments more quickly and efficiently, and seek to block the criminal groups from cashing in.
A senior administration official said the exploitation of virtual currency — like Bitcoin and others — fuels criminals mounting ransomware attacks by making it easier to launder their funds. Proponents of cryptocurrencies say that is no more of a problem than conducting transactions in cash, which also can be cloaked in anonymity.
The effort seeks to bolster the kind of “know your customer” rules that govern transactions among traditional financial institutions. And while those rules have sometimes applied to cryptocurrency transactions, that is the exception, not the rule. Getting international agreement on transparency in such transactions, though, will be an enormous diplomatic task, administration officials concede.
So far there has been one high-profile success: The Department of Justice was able to track and retrieve a large chunk of the $4 million cryptocurrency ransom paid by Colonial Pipeline, which shut down its gasoline, jet fuel and diesel shipments up the East Coast when hit by a ransomware attack. It is unclear whether in that case the government got lucky in its ability to find and seize a cryptocurrency “wallet,” or whether it has cracked the system sufficiently to do it again. In a ransomware case that followed Colonial, hitting a major beef producer, none of the $11 million ransom was recovered.
The ability to move money anonymously, free of government oversight, has been one of the attractions of cryptocurrency, but has also made it a favored payment scheme for hackers and drug dealers. But the administration did not lay out, in press briefings or briefings to Congress on Wednesday, the details of the regulations they hope to apply in the United States to cryptocurrency transactions. It is also not clear how much of the effort will require new regulations around the world and how much can be done by reinterpreting and enforcing existing rules to prohibit money laundering.
The Treasury Department and National Cyber Investigative Joint Task Force will now begin working with industry to improve their real-time sharing, a senior administration official said. The Treasury Department’s Financial Crimes Enforcement Network will hold a conference with financial institutions, technology companies and federal agencies to discuss ways to make it more difficult for hackers to use cryptocurrency in ransomware attacks.
Part of the effort will also focus on cyberinsurance, policies that many companies buy in case they are struck. The Biden administration is trying to ensure that the policies are written only for firms that comply with minimum standards of cybersecurity. The industry has been moving in that direction, but government officials are concerned by evidence that ransomware groups seek out targets that have purchased the insurance.