U.S. Doubles Reward for Information on North Korea Cyberattackers

One cybersecurity expert says doubling the reward won't do any good.

Edward Gately, Senior News Editor

July 29, 2022


The United States has doubled the available reward for useful information on North Korean state-sponsored attacks on U.S. health care and other critical infrastructure.

According to Dark Reading, the federal Rewards for Justice program is now offering a $10 million reward for information. The State Department has a tip line where anyone can submit information on North Korean-sponsored threat actors. Those include Lazarus Group, Kimsuky, BlueNoroff and Andariel, all linked to the North Korean government.

Earlier this month, the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury released a joint cybersecurity advisory on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target health care and public health sector organizations.

Doubling Reward Won’t Matter

Andrew Hay is Lares Consulting’s COO. He doesn’t believe increasing the reward for information will matter.


“The only thing I see it generating is a flood of more calls with misleading, suspect or false information that will only waste the FBI’s time,” he said.

Jamie Boote is associate principal consultant at Synopsys Software Integrity Group. He said North Korea’s exports have dropped from billions in 2016 to tens of millions over the past year. This drop in legitimate sources of income has pushed North Korea’s government to sustain itself on illicit activities.


“Ransomware is an incredibly profitable enterprise if practiced from beyond the reach of punishing governments,” he said. “The logistics of acquiring some ransomware malware packages and sending them out to potential victims is a small investment when some victims are willing to pay millions to unlock their data and restore operations. In the past, ransomware cells have operated out of countries without strong diplomatic ties to western governments.”

Russia actively turns a blind eye to ransomware operations that target U.S. and European victims, Boote said. And the chilling relationship has intensified in 2022.

Western Governments Beginning to Fight Back

The U.S. tip line is an indication that Western governments are beginning to fight back, Boote said. But they can’t be too active without escalating tensions.

“Companies should continue to practice proper cyber hygiene to prevent and mitigate the threats of ransomware attacks like this,” he said. “Proper awareness training programs and education efforts will prevent employees from providing the first entry point for ransomware. Proper email scanning and intrusion detection can block ransomware at the border or limit its spread. Network segmentation can limit the spread. And a proper backup recovery scheme can help restore operations without providing funding that will inevitably fund additional ransomware attacks against more victims.”

Casey Ellis is Bugcrowd’s founder and CTO. He said North Korea’s use of ransomware as a means to generate national revenue was once an open secret. But it’s now pretty well documented and openly discussed.


“Health care as a sector continues to be vulnerable to ransomware due to aging equipment, lack of security support, and the technology and health care pressures created by COVID-19, so this suggests that [North Korea] is a persistent threat to the U.S.,” he said. “As for the reward, it’ll be interesting to see if the amount starts to act as a deterrent, or if it prompts anyone complicit with state-sponsored activities to go turncoat and inform on their fellow operators. At the very least, the reward would be creating a crisis of trust within the [North Korean] teams working on these attacks.”


About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
