November 27, 2022

U.S. Looks Into Cryptocurrency’s Role in Ransomware Hacks

The Biden administration is examining cryptocurrency’s role in recent hacks that have disrupted important U.S. industries including healthcare, fuel and food, exploring new ways to track victims’ payouts to foreign ransomware gangs.

White House officials this week said they are pushing to better trace ransomware payments, which hackers demand to unlock companies’ data.

The move came after a cyberattack this weekend caused meat processor JBS SA to pause production at U.S. and Australian plants. That incident followed last month’s hacks of Colonial Pipeline Co. and Scripps Health in San Diego, showing how such extortion schemes can snarl the U.S. economy and disrupt daily life.

The White House didn’t respond to requests for details on its approach to tracking the transactions or whether additional regulation is in the works.

Deputy National Security Adviser Anne Neuberger at a press conference in May. Photo: Evan Vucci/Associated Press

In a letter to business leaders Wednesday, Deputy National Security Adviser Anne Neuberger said U.S. officials are working with international partners on consistent policies for when to pay ransoms and how to trace them.

Hackers ask for ransoms in cryptocurrency because it is difficult to pursue across digital wallets and national borders. U.S. officials discourage companies from paying ransoms, but many do so when losing data would cripple their businesses. Paying hackers who are affiliated with sanctioned entities, however, risks penalties from the Treasury Department.

Some cybersecurity experts say the spate of attacks underscores the need for a more aggressive approach to monitoring crypto payments. In April, a task force of major tech companies and U.S. officials called for governments to enforce know-your-customer rules, similar to Treasury regulations, to improve transparency and accountability of bitcoin and other digital money.

“There are some responsibilities that come with being a responsible, mature currency in the world,” said Michael Daniel, a former Obama administration official who is now chief executive of the Cyber Threat Alliance, a nonprofit intelligence-sharing group.

But hackers and the exchanges that process their payouts often operate overseas, limiting Washington’s regulatory power. Improved oversight of cryptocurrency exchanges abroad, which some cyber experts say face lower regulatory standards, could require international cooperation or pressure.

Ransomware specialists, however, are skeptical that restrictions on bitcoin payments or tighter regulations will slow the growth in ransomware. Restrictions on individual digital currencies such as bitcoin mean criminals will just switch to another, less-regulated, currency, and any regulation strong enough to deter payments to criminals will take a long time to develop, said Lior Div, chief executive of cybersecurity firm Cybereason Inc., which develops software designed to combat ransomware.


Prominent U.S.-based cryptocurrency exchanges say they use strong controls to prevent money laundering and identify clients. Marco Santori, chief legal officer for Payward Inc.’s Kraken cryptocurrency exchange, said Kraken’s controls are equal to those at major banks, and that large exchanges are in frequent communication with regulators.

“There’s this meme out there that crypto is unregulated and crypto participants don’t engage with the government. It just couldn’t be further from the truth,” he said.

Businesses including Colonial—which paid $4.4 million in bitcoin to a gang known as DarkSide, believed to be in Eastern Europe—often make such payments to avoid costly outages of their computer networks or the hard work of restoring systems from backup data.

Colonial Pipeline supplies about 45% of the fuel consumed on the East Coast. Photo: Drew Angerer/Getty Images

A representative for JBS didn’t respond to requests for comment. A spokeswoman for Scripps Health declined to comment.

Victims that pay ransoms typically engage third-party brokers such as Chicago-based DigitalMint to convert their cash to cryptocurrency. DigitalMint officials said they collect standard know-your-customer data on clients and check hackers’ digital wallets for potential overlap with sanctioned entities in countries such as Russia, where many ransomware groups operate.

Payments made by DigitalMint tend to go directly to overseas markets. “A lot of what we see ends up at these big foreign exchanges,” said Seth Sattler, DigitalMint’s director of compliance.

Ransomware groups often spread cryptocurrency among many digital wallets to disguise themselves and to hide potential connections with sanctioned entities, Mr. Sattler said.

The Financial Crimes Enforcement Network, a part of the Treasury Department known as FinCEN, proposed additional rules in December for many cryptocurrency transactions, requiring U.S.-based banks and money-service businesses to vet some customers and report transactions over $10,000.

Dmitri Alperovitch, chairman of the Silverado Policy Accelerator, a think tank, said the FinCEN regulators should also require companies to report the exchanges they use. That information could help Treasury pinpoint which exchanges or affiliated entities to target with sanctions, he said.

“Virtually every exchange around the world is dealing in some form or fashion with U.S. currency,” Mr. Alperovitch said. “The U.S. could absolutely pressure all of them through sanctions and the like to adopt the same policies.”

A spokeswoman for the Treasury Department said it received over 7,000 comments on the proposed rule, and is working with the concerned parties to ensure the final regulation balances costs and benefits to the public and private sectors. The department is monitoring emerging risks in this area daily, the spokeswoman added.

Some ransomware victims and their cybersecurity consultants voluntarily report to law enforcement data about ransom payments, such as dates, wallet addresses and amounts, said Bill Siegel, chief executive of Coveware Inc., a firm that helps clients respond to incidents and negotiate with attackers.

“It’s just a question of what they [law-enforcement officials] do with it,” he said. “There’s nothing from a regulatory perspective that I think would be effective in this, outside of creating a broad mandatory reporting requirement for victims of ransomware.”

Write to David Uberti at [email protected] and James Rundle at [email protected]

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.
