The U.S. Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).

Officials said in a release that this included ransomware attacks targeting “critical infrastructure.” 

In addition to ransomware, the notice mentions a number of other cyber violations and notes that it applies to government computers as well as “those used in or affecting interstate or foreign commerce or communication.”

To receive the information in a secure fashion and to protect the safety of potential sources, the Department of State set up a tips-reporting service on the dark web:

http://he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion [access through Tor browser]

For this purpose, RFJ is using the SecureDrop platform that is typically used by journalists for secure communication with their sources and to protect their identity by using random codes instead of usernames.

Additionally, payments through the RFJ program may also be in cryptocurrency, which can help tipsters maintain their anonymity and receive the reward.

The RFJ program started in 1984 and has paid more than $200 million to over 100 individuals offering information that helped in the fight against terrorism (prevent terrorist acts, bring terrorists to justice) and deal with threats against U.S. national security.

“More information about this reward offer is located on the Rewards for Justice website at www.rewardsforjustice.net.”