The U.S. government today announced several new measures to combat ransomware, including rewards of up to $10 million for information leading to the identification of those behind the cybersecurity attacks.

The rewards program is being administered by the U.S. Department of State’s Diplomatic Security Service through the Rewards for Justice program and involves various other U.S. government administrative bodies.

It’s hard to argue with an up to a $10 million reward for information leading to the arrest of ransomware actors, but there is a catch. The giveaway is that the initiative is being run by the State Department rather than the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency or the Federal Bureau of Investigation. According to a State Department media release, the rewards only apply to ransomware gangs that are “acting at the direction or under the control of a foreign government.”

Tips can also be anonymous. “Commensurate with the seriousness with which we view these cyber threats, the Rewards for Justice program has set up a Dark Web (Tor-based) tips-reporting channel to protect the safety and security of potential sources, the State Department wrote. “The RFJ program also is working with interagency partners to enable the rapid processing of information as well as the possible relocation of and payment of rewards to sources. Reward payments may include payments in cryptocurrency.”

Also included in the initiative is a new website called Stop Ransomware that offers public resources for countering ransomware and building more resilience into networks.

In related news, the U.S. Treasury Department’s Financial Crimes Enforcement Network announced today that it would convene a “FinCEN Exchange” in August with representatives from financial institutions, key industry stakeholders and federal government agencies to discuss ongoing concerns regarding ransomware.

FinCEN said that it anticipates that the meeting will assist government and private sector partners on the next steps to address ransomware and focus resources to mitigate the threat.

“It is always a positive step to offer monetary rewards,” Purandar Das, co-founder and chief security evangelist of encryption-based security company Sotero Inc., told SiliconANGLE, adding that it’s not clear how the awards are distributed and what the various thresholds are.

“It is probably too early to tell whether this would really make an impact on hackers that are under the control of a foreign state,” Das said. “State-sponsored hackers are probably not willing to turn on each other for fear of angering their sponsors. It remains to be seen how the monetary enticement will work for putting a dent in state-sponsored activity.”

Image: Department of State