One cybersecurity expert says doubling the reward won't do any good.

Edward Gately, Senior News Editor

July 29, 2022

3 Min Read
North Korea hacker

The United States has doubled the available reward for useful information on North Korea state-sponsored attacks on U.S. health care and other critical infrastructure.

According to Dark Reading, the federal Rewards for Justice program is now offering a $10 million reward for information. The State Department has a tip line where anyone can submit information on North Korean-sponsored threat actors. Those include Lazarus Group, Kimsuky, BlueNoroff and Andariel, all linked to the North Korea government.

Earlier this month, the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury released a joint cybersecurity advisory on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target health care and public health sector organizations.

Doubling Reward Won’t Matter

Andrew Hay is Lares Consulting‘s COO. He doesn’t believe increasing the reward for information will matter.


Lares Consulting’s Andrew Hay

“The only thing I see it generating is a flood of more calls with misleading, suspect or false information that will only waste the FBI’s time,” he said.

Jamie Boote is associate principal consultant at Synopsys Software Integrity Group. He said North Korea’s exports have dropped from billions in 2016 to tens of millions over the past year. This drop in legitimate sources of income has pushed North Korea’s government to sustain itself on illicit activities.


Synopsys’ Jamie Boote

“Ransomware is an incredibly profitable enterprise if practiced from beyond the reach of punishing governments,” he said. “The logistics of acquiring some ransomware malware packages and sending them out to potential victims is a small investment when some victims are willing to pay millions to unlock their data and restore operations. In the past, ransomware cells have operated out of countries without strong diplomatic ties to western governments.”

Russia actively turns a blind eye to ransomware operations that target U.S. and European victims, Boote said. And the chilling relationship has intensified in 2022.

Western Governments Beginning to Fight Back

The U.S. tip line is an indication that Western governments are beginning to fight back, Boote said. But they can’t be too active without escalating tensions.

“Companies should continue to practice proper cyber hygiene to prevent and mitigate the threats of ransomware attacks like this,” he said. “Proper awareness training programs and education efforts will prevent employees from providing the first entry point for ransomware. Proper email scanning and intrusion detection can block ransomware at the border or limit its spread. Network segmentation can limit the spread. And a proper backup recovery scheme can help restore operations without providing funding that will inevitably fund additional ransomware attacks against more victims.”

Casey Ellis is Bugcrowd‘s founder and CTO. He said North Korea’s use of ransomware as a means to generate national revenue was once an open-secret. But it’s now pretty well documented and openly discussed.


Bugcrowd’s Casey Ellis

“Health care as a sector continues to be vulnerable to ransomware due to aging equipment, lack of security support, and the technology and health care pressures created by COVID-19, so this suggests that [North Korea] is a persistent threat to the U.S.,” he said. “As for the reward, it’ll be interesting to see if the amount starts to act as a deterrent, or if it prompts anyone complicit with state-sponsored activities to go turncoat and inform on their fellow operators. At the very least, the reward would be creating a crisis of trust within the [North Korean] teams working on these attacks.”

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like