U.S. offering $10M reward to crack ransomware gangs

The Biden administration is making a new push to disrupt ransomware attacks on American companies, offering a $10 million reward for information that leads to the arrest of the gangs behind the extortion schemes and attempting to make it easier to trace and block cryptocurrency payments, administration officials said Thursday.

The announcements come as the White House prepares to release a broader strategy -- combining better defenses and an effort to disrupt the ransomware operations -- in coming weeks.

An increasingly brazen spate of ransomware attacks has become a complex test for Biden, who has declared that the hacks, many emanating from Russia, are a national security threat. Administration officials say Biden is conscious of the need to avoid an escalating series of actions that could damage both nations and to protect critical American infrastructure.

In describing the new efforts Thursday, administration officials declined to comment on what happened to REvil, the Russian-language ransomware group that suddenly went silent Tuesday, as its sites on the dark web disappeared. It is unclear whether that was the result of American or Russian action, or the group itself taking a lower profile, but it came just days after Biden called President Vladimir Putin and said that if he didn't rein in the groups, he would.

Outside experts say that based on the evidence they have so far, they believe it is more likely the group shuttered its operations -- perhaps only temporarily -- under Russian pressure.

The rewards program, announced by the State Department, taps into the same kinds of incentives that have been used to pursue terrorism suspects and drug cartel members. The White House is also organizing a task force to deal with ransomware, combining the resources of intelligence agencies, the Treasury Department, the FBI, and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.

The White House also announced the creation of a website that is intended as a one-stop location to report attacks, and to learn about improving resilience -- including setting up elaborate, offline backup systems for data that would obviate the need to pay ransom.

Sen. Angus King, I-Maine, said after a briefing on the initiative that it starts with "disruption, promoting resilience and cyberhygiene," referring to basic steps such as two-factor authentication that make it harder for most standard ransomware attacks to succeed.

A key element of that initiative is to trace ransomware payments more quickly and efficiently, and seek to block the criminal groups from cashing in.

A senior administration official said the exploitation of virtual currency -- such as Bitcoin -- fuels criminals mounting ransomware attacks by making it easier to launder their funds. Proponents of cryptocurrencies say that is no more of a problem than with cash transactions.

The effort seeks to bolster the kind of "know your customer" rules that govern transactions among traditional financial institutions. And while those rules have sometimes applied to cryptocurrency transactions, that is the exception. Getting international agreement on transparency in such transactions will be an enormous diplomatic task, administration officials concede.

So far there has been one high-profile success: The Department of Justice was able to track and retrieve a large chunk of the $4 million cryptocurrency ransom paid by Colonial Pipeline after it was hit by a ransomware attack. But it is unclear whether the government got lucky or whether it has cracked the system sufficiently to do it again.
