US takes aim at cryptocurrencies in bid to stem ransomware

White House convenes counter-ransomware summit; Treasury warns private companies about facilitating payments

The administration of President Joe Biden is seeking to crack down on the use of cryptocurrencies in ransomware attacks. (Tom Williams/CQ Roll Call file photo)
The administration of President Joe Biden is seeking to crack down on the use of cryptocurrencies in ransomware attacks. (Tom Williams/CQ Roll Call file photo)
Posted October 19, 2021 at 7:00am

The Biden administration last week took several steps to crack down on the use of cryptocurrencies, which have become the most popular way that criminal groups demand ransom payments after carrying out devastating cyberattacks.

The White House convened a virtual counter-ransomware summit of officials from 30 countries, also last week, and the group pledged cooperation to “inhibit, trace, and interdict ransomware payment flows, consistent with national laws and regulations, which will drive down economic incentives for ransomware actors.”

The Treasury Department on Friday warned private companies dealing with virtual currencies that facilitating ransom payments using digital money could run afoul of U.S. sanctions laws.

“Ransomware actors are criminals who are enabled by gaps in compliance regimes across the global virtual currency ecosystem,” Wally Adeyemo, deputy Treasury secretary, said in a statement. “Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity.”

Companies and individuals that process or operate virtual currencies may be subject to U.S. sanctions law because either an individual receiving the ransom payment or the country where the recipient is located may be subject to such laws, the Treasury department warned. 

The administration and Congress are increasingly focused on cracking down on the illicit use of cryptocurrencies in cyberattacks, said Philip Reiner, CEO of the Institute for Security and Technology.

Earlier this year, the institute assembled a group of experts from industry, government, law enforcement and international organizations, called the Ransomware Task Force, which made several recommendations on how to combat ransomware.

One of the key recommendations was “requiring cryptocurrency exchanges, crypto kiosks, and over-the-counter trading desks to comply with existing laws,” Reiner wrote in an email.

So-called know-your-customer laws require financial institutions to verify a customer’s identity while doing business with the institution, and “requiring cryptocurrency exchanges to comply” with such laws “would help stem the flow of money that allows ransomware actors to thrive,” Reiner said.

Laws aimed at combating money laundering and terrorism financing “should also be applied and reinforced by federal and global actors,” Reiner said.

The administration’s efforts to combat ransomware attacks follow a series of devastating attacks in the past six months that have disrupted gas supplies along the East Coast and affected the functioning of city and local governments, as well as hospitals and schools.

The Treasury Department released statistics showing a significant jump in ransomware payments during the first half of the year.

For the first six months of the year, the Financial Crimes Enforcement Network, or FinCEN, identified $590 million in ransomware-related suspicious activity reports, a 42 percent increase compared with a total of $416 million for all of 2020, Treasury said in a report published Friday.

If the trend continues through 2021, the total value of suspicious activity reports for the year could exceed the value of such reports filed for the previous 10 years combined, Treasury said.

The 30-nation virtual summit also addressed three other aspects of combating ransomware attacks, the White House said.

Officials from the participating countries agreed to step up basic security protocols such as maintaining offline data backups, using strong passwords and multifactor authentication, ensuring that software patches are up to date, and educating users against clicking suspicious links or opening untrusted documents, the White House said in a joint statement.

The countries also agreed to improve law enforcement cooperation, including sharing intelligence, to “degrade and hold accountable ransomware criminal operators.”

In several recent large-scale ransomware attacks, the perpetrators are said to be criminal groups such as REvil and DarkSide, operating out of Russia. Similar groups are also said to operate out of North Korea, China and Iran.

The countries that gathered for the summit also agreed to pursue diplomatic efforts to pressure those countries that provide safe havens to criminal groups.

The White House summit included close U.S. allies such as the U.K., Australia, Canada, New Zealand, France, Germany, Japan and Israel, as well as South Korea, Singapore, United Arab Emirates, India and South Africa.

Pressed to explain why Russia, a major source of cyberattacks, was not included in the meeting, White House officials told reporters that the Biden administration was pursuing a direct channel with Moscow and was waiting to assess those efforts before including the country in future discussions.

Russia and China may have to be included in future talks, Reiner said.

“Given that a single nation’s laws and capabilities are insufficient to tackle this global threat, Russia and China will need to be included in multinational talks to encourage a worldwide response,” Reiner said.

Leaving out the two countries, each with substantial cyber capabilities, could result in “weaknesses in the global cyber system that may result in cybercriminals escaping without consequences, which incentivizes additional attacks,” Reiner said.