Ransomware Snitches Wanted — $250,000 Bounty Offered (2025)

Ransomware remains a lucrative criminal enterprise in 2025, with no sign of the threat from organized cybercrime groups easing up. Quite the opposite, in fact, according to new reports. As the FBI issues warnings for organizations to repel innovative new attacks, and initiatives are started to gain a stealthy surveillance foothold in dark web criminal forums for intelligence purposes, one dedicated anti-ransomware platform has massively upped the stakes by launching a first of its kind bounty program for people to provide inside information on the criminals behind the attacks.

ForbesChinese Ghost Hackers — Driven By Profit, Making America PayBy Davey Winder

New Ransomware Threat Research Incentive Program Has a Big Budget

Compared to the millions that highly organized and equally highly successful ransomware groups can make every year, $250,000 is but a drop in a particularly offensive-smelling ocean. The big money in ransomware is made by relatively few people. The kingpins at the top of the criminal tree rake it in, while those doing the donkey work as affiliates can also make the big bucks but with a much greater chance of getting caught factored in. Yet, that $250,000 could well be enough to become more than just a thorn in the side of the ransomware industry if Halcyon has anything to do with.

Eradicate ransomware together is the motto of the Halcyon Threat Research Incentive Program, known as TRIP for short, which launched April 21. Thought to be the world’s first threat intelligence bounty initiative dedicated entirely to the ransomware threat, TRIP has put rewards on information covering everything from the ransomware groups themselves to attacker tooling and infrastructure, as well as behavior chains.

It should be noted that Halcyon has made it very clear that “no payments to individuals affiliated with ransomware groups, extortion groups or on an Office of Foreign Assets Control list” will be made. That said, all other researchers and interested parties can participate in the program with the following four reward tiers:

• Tier 1: Novel details on ransomware groups, RaaS platforms, affiliate attackers, initial access brokers and other key players in ransomware operations will be rewarded up to $10,000 per accepted submission.
• Tier 2: Novel details on attacker tooling, infrastructure, evasion techniques and other TTPs will be rewarded up to $5,000 per accepted submission.
• Tier 3: Novel details on droppers, loaders, packers and other tooling will be rewarded up to $3,000 per accepted submission.
• Tier 4: Novel details on indicators of compromise or behavior chains will be rewarded up to $1,000 per accepted submission.

ForbesNew Gmail Warning — Do Not Open This Email From GoogleBy Davey Winder

“We are calling on independent researchers and ransomware hunters to join us in our fight to stop attacks,” Jon Miller, CEO at Halcyon, said. “Whether you’re a full-time reverse engineer, OSINT specialist, or passionate about defending others,” Miller continued, “Halcyon wants to work with you.” Find out how to submit intelligence to TRIP here.