January 27, 2022

U.S. Looks Into Cryptocurrency’s Role in Ransomware Hacks

The Biden administration is examining cryptocurrency’s role in recent hacks that have disrupted important U.S. industries including healthcare, fuel and food, exploring new ways to track victims’ payouts to foreign ransomware gangs.

White House officials this week said they are pushing to better trace ransomware payments, which hackers demand to unlock companies’ data.

The move came after a cyberattack this weekend caused meat processor JBS SA to pause production at U.S. and Australian plants. That incident followed last month’s hacks of Colonial Pipeline Co. and Scripps Health in San Diego, showing how such extortion schemes can snarl the U.S. economy and disrupt daily life.

The White House didn’t respond to requests for details on its approach to tracking the transactions or whether additional regulation is in the works.

Deputy National Security Adviser Anne Neuberger at a press conference in May. (Photo: Evan Vucci/Associated Press)

In a letter to business leaders Wednesday, Deputy National Security Adviser Anne Neuberger said U.S. officials are working with international partners on consistent policies for when to pay ransoms and how to trace them.

Hackers ask for ransoms in cryptocurrency because it is difficult to pursue across digital wallets and national borders. U.S. officials discourage companies from paying ransoms, but many do so when losing data would cripple their businesses. Paying hackers who are affiliated with sanctioned entities, however, risks penalties from the Treasury Department.

Some cybersecurity experts say the spate of attacks underscores the need for a more aggressive approach to monitoring crypto payments. In April, a task force of major tech companies and U.S. officials called for governments to enforce know-your-customer rules, similar to Treasury regulations, to improve transparency and accountability of bitcoin and other digital money.

“There are some responsibilities that come with being a responsible, mature currency in the world,” said Michael Daniel, a former Obama administration official who is now chief executive of the Cyber Threat Alliance, a nonprofit intelligence-sharing group.

But hackers and the exchanges that process their payouts often operate overseas, limiting Washington’s regulatory power. Improved oversight of cryptocurrency exchanges abroad, which some cyber experts say face lower regulatory standards, could require international cooperation or pressure.

Ransomware specialists, however, are skeptical that restrictions on bitcoin payments or tighter regulations will slow the growth in ransomware. Restrictions on individual digital currencies such as bitcoin mean criminals will just switch to another, less-regulated, currency, and any regulation strong enough to deter payments to criminals will take a long time to develop, said Lior Div, chief executive of cybersecurity firm Cybereason Inc., which develops software designed to combat ransomware.

Prominent U.S.-based cryptocurrency exchanges say they use strong controls to prevent money laundering and identify clients. Marco Santori, chief legal officer for Payward Inc.’s Kraken cryptocurrency exchange, said Kraken’s controls are equal to those at major banks, and that large exchanges are in frequent communication with regulators.

“There’s this meme out there that crypto is unregulated and crypto participants don’t engage with the government. It just couldn’t be further from the truth,” he said.

Businesses including Colonial—which paid $4.4 million in bitcoin to a gang known as DarkSide, believed to be in Eastern Europe—often make such payments to avoid costly outages of their computer networks or the hard work of restoring systems from backup data.

Colonial Pipeline supplies about 45% of the fuel consumed on the East Coast. (Photo: Drew Angerer/Getty Images)

A representative for JBS didn’t respond to requests for comment. A spokeswoman for Scripps Health declined to comment.

Victims that pay ransoms typically engage third-party brokers such as Chicago-based DigitalMint to convert their cash to cryptocurrency. DigitalMint officials said they collect standard know-your-customer data on clients and check hackers’ digital wallets for potential overlap with sanctioned entities in countries such as Russia, where many ransomware groups operate.

Payments made by DigitalMint tend to go directly to overseas markets. “A lot of what we see ends up at these big foreign exchanges,” said Seth Sattler, DigitalMint’s director of compliance.

Ransomware groups often spread cryptocurrency among many digital wallets to disguise themselves and to hide potential connections with sanctioned entities, Mr. Sattler said.

The Financial Crimes Enforcement Network, a part of the Treasury Department known as FinCEN, proposed additional rules in December for many cryptocurrency transactions, requiring U.S.-based banks and money-service businesses to vet some customers and report transactions over $10,000.

Dmitri Alperovitch, chairman of the Silverado Policy Accelerator, a think tank, said the FinCEN regulators should also require companies to report the exchanges they use. That information could help Treasury pinpoint which exchanges or affiliated entities to target with sanctions, he said.

“Virtually every exchange around the world is dealing in some form or fashion with U.S. currency,” Mr. Alperovitch said. “The U.S. could absolutely pressure all of them through sanctions and the like to adopt the same policies.”

A spokeswoman for the Treasury Department said it received over 7,000 comments on the proposed rule, and is working with the concerned parties to ensure the final regulation balances costs and benefits to the public and private sectors. The department is monitoring emerging risks in this area daily, the spokeswoman added.

Some ransomware victims and their cybersecurity consultants voluntarily report to law enforcement data about ransom payments, such as dates, wallet addresses and amounts, said Bill Siegel, chief executive of Coveware Inc., a firm that helps clients respond to incidents and negotiate with attackers.

“It’s just a question of what they [law-enforcement officials] do with it,” he said. “There’s nothing from a regulatory perspective that I think would be effective in this, outside of creating a broad mandatory reporting requirement for victims of ransomware.”

Write to David Uberti at david.uberti@wsj.com and James Rundle at james.rundle@wsj.com

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.
