The State Department announced Tuesday that they are offering a reward of up to 10 million dollars for information leading to six Russian intelligence hackers responsible for the infamous 2017 NotPetya malware. This malware knocked out Chornobyl’s radiation monitoring system and did more than $1 billion in damage to several U.S. organizations.
The reward is part of the State Department’s Rewards for Justice program and extends beyond just the six Russian intelligence hackers responsible for NotPetya to “any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure.”
The Rewards for Justice program has paid more than $200 million to more than 100 tipsters across the globe since it launched in 1984.
Why do we care?
I wasn’t aware of this program – and let’s observe that the State Department also just opened their new bureau for cyber. Tips at this level are valuable – and it’s encouraging to see a landscape of investment in gathering intelligence.
For those unfamiliar, dig into your bug bounty programs or your vendors to understand their security incentives.