U.S. Aims to Undercut Crypto Ransomware Payments With Sanctions


The Biden administration is preparing a lineup of actions, including sanctions, to make it difficult for hackers to use digital currency to profit from ransomware attacks.

The government's goal is to cut off access to a form of payment that has supported the criminal industry and a rising national security threat. Hacker payment demands have grown larger and now can reach into the millions or tens of millions of dollars.

The Treasury Department is arranging the sanctions by next week and will guide businesses on the risks associated with facilitating ransomware payments, including fines. Sources say we can expect new anti-money-laundering and terror-finance rules to limit the use of cryptocurrency as a payment mechanism in ransomware attacks and other illegal activities.

The Biden administration's goal is to undercut the digital finance ecosystem of traders, exchanges and other elements that cybersecurity experts say has allowed debilitating ransomware attacks to flourish in recent years.

Officials declared that ransomware attacks in 2021 have grown more severe than ever. This is a serious threat to critical infrastructure, including power operators, hospitals, and banks.

To effectively disrupt illegal crypto transactions, the Treasury Department needs to know who will receive the ransom transactions, the crypto platforms that help exchange one set of blockchain coins for another, and the people who own or manage those operations.

Instead of blacklisting the entire crypto infrastructure, the sanctions are expected to single out specific targets. The action will be intended to discourage others from continuing their activities.

The administration made this plan after high-profile attacks in the spring, all traced back to criminal groups believed to reside in Russia. The attacks provoked the shutdown of a U.S. fuel pipeline, disrupted a top meat supplier and infected scores of smaller and midsize organizations.

After this chain of events, fintech proponents and policymakers are debating how to protect the market against criminals and terrorists without suppressing its growth or creating long-term national security problems.

To help shape the market and stop these crimes, lawmakers and regulators are crafting new rules. The rules aim to enhance transparency, which should avert transactions by individuals who want their illegal actions to stay hidden.

Regulating agencies have been levying penalties against individuals and companies facilitating illicit finance through the crypto markets. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued a warning: “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities,” CISA said in an advisory in late August.

Sanctioning a cryptocurrency exchange that handled ransomware payments could disrupt that firm’s ability to do business and hopefully would scare other cryptocurrency platforms away from participating in these transactions.

Ari Redbord, a former senior Treasury security official, said that any sanctions levied by the administration would “most likely be designed to go after those illicit actors themselves, not cryptocurrency or the technology itself, which is simply the payment mechanism.” 

The administration has focused efforts on the primary sources of the attacks: Russia and former Soviet satellite nations where Moscow exerts strong political influence.

U.S. officials, including President Biden, have suggested that the Kremlin may not be involved in ransomware campaigns. They blame Russian President Vladimir Putin for allowing those groups to operate permissively within his country. In July, Mr. Biden warned that he would take “any action necessary” to defend the U.S. against ransomware emanating from within Russia’s borders.

The Wall Street Journal reported that “Treasury in late 2019 tied Russian intelligence to a company, Evil Corp., that private-sector analysts have since tagged as the creator of two major ransomware programs. Treasury officials said Evil Corp.’s leader, Maksim Yakubets, worked for Russia’s premier intelligence service, the Federal Security Bureau. Mr. Yakubets couldn’t be reached to comment.”

The cybersecurity firm CrowdStrike Inc. stated that evidence suggests the Evil Corp group, now known as Indrik Spider, is responsible for developing the WastedLocker and Hades ransomware programs.

Former U.S. security officials declare that evidence suggesting Russian government involvement lies within the programs themselves, which are prevented from being used on operating systems located in Russia and the former Soviet Union states.

Analysts believe that blacklisting key financial interlocutors in the region would lock targets out of the Western financial system, signal the administration's frustration with Moscow, and send a warning to others if they continue to handle such transactions.

This article was originally sourced from The Wall Street Journal.