The State Department is offering a reward of up to $10 million for information that leads to the identification or location of hackers acting under the control of a foreign government who target U.S. critical infrastructure, according to the announcement published Thursday.
The announcement says the reward covers, but is not limited to, ransomware. But the reward may not cover information related to a wide range of ransomware actors, as the announcement says it applies to hackers that are "acting at the direction or under the control of a foreign government." Although Russia often tolerates cybercriminals within its borders, many of those groups are not necessarily directly under the control of the Russian government.
"Violations of the statute may include transmitting extortion threats as part of ransomware attacks; intentional unauthorized access to a computer or exceeding authorized access and thereby obtaining information from any protected computer; and knowingly causing the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causing damage without authorization to a protected computer," the announcement reads.
"Protected computers include not only U.S. government and financial institution computer systems, but also those used in or affecting interstate or foreign commerce or communication," the announcement adds, referring to the scope of the reward program.
The State Department has also set up a Tor hidden service where people can more securely report the information. The system appears to be run on the SecureDrop software, which journalists often use to receive documents or tips anonymously.