- Following the recent cyber attacks, the U.S. government recognises ransomware attacks as one of the biggest national security threats
- To curb the issue, White House officials are looking for ways to trace the transactions lining the hackers’ pockets
- The spate of attacks calls for stricter regulations, but there isn’t much that a regulator could do that’d be effective in such situations
The Biden administration recognises ransomware attacks as one of the biggest security threats the nation faces today, one that needs to be given the same priority as terrorism. Following the recent cyberattack on the largest meat producer, JBS SA, which suspended production at plants in the U.S. and Australia over the weekend, and the preceding ransomware hacks of Colonial Pipeline Co. and Scripps Health in San Diego, authorities are now studying cryptocurrency’s role in all this.
Ransomware Attacks: A Grave Threat To The U.S. Economy
Recently, cyberattacks have gravely disrupted the U.S. economy; from healthcare to fuel and food, no industry is safe. While the targets and methods might be different, what all these attacks have in common is the goal: ransom or extortion. Keeping that in mind, White House officials are now exploring new ways to track those victim payouts, reported the WSJ.
Hackers’ Dirty Extortion Schemes
In such extortion schemes, the hackers first plant their ransomware in the target firm’s systems; then, once the malware starts causing issues, they demand payment to release those systems. Although U.S. officials discourage companies from paying ransoms, some businesses would be crippled if their data were lost and thus give in to the demands. The ransoms are collected in cryptocurrencies, owing to the difficulty of pursuing them across digital wallets and national borders. Plus, the hacker gangs and the exchanges processing their payouts often operate overseas, further limiting regulators’ power.
White House To Trace The Victim Payouts
To curb the threat that such hacks pose to the economy, the White House is pushing to better trace the transactions lining the miscreants’ pockets, per this week’s report. This Wednesday, in an open letter to “corporate executives and business leaders,” Deputy National Security Adviser Anne Neuberger revealed that officials are working with international partners on consistent policies for when to pay ransoms and how to trace them. However, the officials have yet to disclose the details of their approach and whether additional regulations are to come.
Situation Demands Strict Actions, But ‘It’s Complicated’
According to some cybersecurity experts, the spate of attacks calls for a more aggressive approach to monitoring crypto payments and for stricter regulations to improve the transparency and accountability of digital currencies. However, seeing as most such conduct occurs beyond national borders, improved oversight of cryptocurrency exchanges abroad could require international cooperation or pressure.
Lior Div, CEO of cybersecurity firm Cybereason Inc., explained that restrictions on a single coin, like Bitcoin (BTC), are not enough, as criminals can simply switch to another, less regulated cryptocurrency. And developing a regulation strong enough to dissuade the payouts will take a long time.
Hackers Exploit Cyber Vulnerabilities & Vanish Post-Payout
Businesses like Colonial, which recently paid BTC worth $4.4 million to the East European gang DarkSide, prefer paying the ransom over long power outages or data theft. To them, a computer network shutdown and the time taken to restore the system and recover the data could cost more than the payouts. Such victims typically go to third-party brokers, like DigitalMint, to convert their cash to crypto. The Chicago-based firm first collects the standard client data and checks the criminals’ digital wallets for potential overlap with sanctioned entities, since paying any such affiliated hacker risks penalties from the Treasury Department.
From DigitalMint, the payments go directly to overseas markets, many of which end up “at big foreign exchanges,” shared Seth Sattler, director of compliance at DigitalMint. Also, the ransomware gangs often spread the received amount across several digital wallets to elude suspicion and hide links.
Promising Proposed Regulations Still In-Process
In December, the Treasury Department’s Financial Crimes Enforcement Network, a.k.a. FinCEN, proposed additional rules that would require U.S.-based financial service providers to:
- Verify the customers’ identities and provided personal details,
- Examine and keep track of transactions of or over $3,000 with any unhosted or covered wallet,
- Report all transactions exceeding $10,000.
Silverado Policy Accelerator chairman Dmitri Alperovitch suggested FinCEN include another point requiring companies to report the exchanges they use. He believes it’ll help the Treasury to “pinpoint” the exchanges or affiliated entities to target with sanctions. Alperovitch said that since “virtually” every exchange worldwide is dealing with the USD in one form or another, the U.S. could pressure them “to adopt the same policies.”
The Treasury Department reported receiving more than 7,000 comments on the proposed rule and is currently working with the concerned authorities to monitor risks and ensure a balanced, beneficial and cost-efficient final regulation.
Regulations Aren’t Enough; Victims Must Come Forward
Sharing his insight, Bill Siegel, the CEO of Coveware Inc., a firm that helps businesses remediate ransomware, said some cyber victims voluntarily report ransom payment data, such as the date, amount and wallet addresses. After that, it all depends on the law-enforcement officials and “what they do with it.” Per Siegel, there’s nothing that a regulator could do except maybe create a board for mandatory ransomware reports.