Article Details

A pot of $250K is now available to ransomware researchers, but it feeds a commercial product. Security bods can earn up to $10K per report. Ransomware threat hunters can now collect rewards of $10,000 for each piece of intel they file under a new bug bounty that aims to squash extortionists. "We want to eradicate ransomware," Steve Salinas, a senior director of product marketing at Halcyon, told The Register. "It is the most damaging type of attack. Not only does it bring organizations to a grinding halt, but in the absolute worst case, it could mean that they can no longer continue their business." To that end, the ransomware prevention and recovery firm on Monday rolled out its Threat Research Incentive Program (TRIP), the first-ever initiative to pay researchers who submit ransomware-specific intelligence, Salinas said. The biz is committing $250,000 to the kitty to start. It's not altruistic. The bulk of the ransomware info being submitted will go to improve Halcyon's anti-ransomware engine, rather than automatically ending up in a publicly available database for all network defenders to freely access. "After vetting, we may share select intel we believe to be critical to protect against an emerging threat," Salinas said. "We want to reward folks that are doing that research, and then help to incorporate it into the technology and services that we're delivering with the goal of bringing more of these attacks to a stop early, and helping organizations from becoming victims," Salinas said. The Reg asked why not open source all of the submissions if the goal is to eliminate the scourge of ransomware? Here's what Salinas said: Some intel could possibly identify the victim, which could not be shared, and some intel could tip off the threat actors and allow them to adjust TTPs which would hinder further investigation, detections and mitigation for victims. As well as responsibly contributing to the community, Halcyon will also leverage the intel to help protect customers. So while we fully support independent researchers getting paid for their efforts — and potentially finding future employment as a threat analysts — we want to make it clear that the security shop and its customers are going to be the ones benefiting the most from the bounty program. The program has four tiers, with the most valuable info (Tier 1) earning researchers up to $10,000 per submission. This includes new details on ransomware groups, ransomware-as-a-service platforms, and names and other info about affiliates, initial access brokers, and other key players in ransomware operations. Tier 2, which pays up to $5,000, includes information on attacker tooling, infrastructure, evasion techniques and other tactics, techniques and procedures. Researchers can earn up to $3,000 for Tier 3-level submissions such as information on droppers, loaders, packers, and other tooling used. Finally, Tier 4 submissions on indicators of compromise or groups' behaviour chains are worth up to $1,000 per report accepted. It's also important to note that this is not an effort to get ransomware affiliates to rat out their bosses, and you're not going to get paid in bitcoin. "Payouts go through traceable, compliant channels only," the company warns on its website. Plus, Halcyon won't issue rewards payments to individuals affiliated with ransomware groups, extortion groups, or any sanctioned individuals or organizations. The program requires researchers to affirm sourcing and their independent status, and all of the submissions will be vetted and approved by Halcyon analysts. "It's going to be extremely attractive for the researchers," Salinas said, adding that the criminals themselves are probably not going to see this as an opportunity to "turn on this group, and then they're going to retire. It's not as attractive to that audience."