Regulators and industry join to fight ransomware
With an increasing number of people forced to work from their homes, data suggests that ransomware attacks are at their all-time highest with the frequency of these incidents increasing by 45% over the course of April 2021 alone. Not only that, some are adamant that the rise in ransomware attacks is closely connected to the meteoric growth of the crypto sector.
Also, in the midst of the recent positive crypto market activity, news of the United States regulators aggressively studying the link between crypto and ransomware seems to be dampening the mood somewhat, especially since various government agencies are seemingly seeing crypto ransomware as a big issue requiring stringent action.
As digital asset adoption continues to spread across the U.S., it appears as though lawmakers are looking to better understand how these offerings can be used for a slew of legal as well as illegal purposes. For example, the Ransom Disclosure Act, which was introduced by Senator Elizabeth Warren and Representative Deborah Ross on Oct. 5, requires victims of ransomware attacks to disclose information about any ransom payments they may have faced to the Department of Homeland Security (DHS).
The goal here, as per Warren and Ross, is to amass critical data on fiat and cryptocurrency payments, which can eventually be used by relevant regulatory agencies to protect investors from cybercrimes as well as to curb any illicit financial activities taking place in the United States. Furthermore, the bill also seeks to investigate the direct role of cryptocurrencies in ransomware attacks, an effort that will be helmed by the Department of Homeland Security.
Similarly and just recently, Deputy Attorney General Lisa Monaco revealed that the Justice Department has launched a new initiative dubbed the National Cryptocurrency Enforcement Team that looks to weed out any projects that can allow criminals to launder their crypto proceeds. “We want to strengthen our capacity to dismantle the financial ecosystem that enables these criminal actors to flourish and to profit from what they’re doing,” Monaco was quoted as saying.
What’s driving this wave?
To gain a better understanding of why the U.S. regulators are making such a concerted effort to crack down upon any crypto-related ransomware, Cointelegraph reached out to Kadan Stadelmann, chief technological officer for open-source blockchain solutions provider Komodo.
In his view, one quick look at data available online shows that all kinds — not just crypto — of ransomware attacks are becoming more frequent, adding: “Just look at the statistics. Palo Alto Networks reported last month that the average ransom payment for 2021 is currently around $570,000 — 82% higher than the 2020 average of $312,000. 2020 was also much worse than 2019.” He added:
“To reverse this trend, a more mature regulatory landscape is necessary for the blockchain industry as well as improved cybersecurity as a whole in the next decade.”
When asked about whether major spending on such research activities is warranted, Stadlemann opined that not only should governments be putting more measures in place but they should also allocate additional funds and resources in regard to the same. On the subject, he went on to state that governments can begin by adopting policies that ensure companies and anyone running critical infrastructure are better prepared for such events: “Together, having both proactive and reactive plans for cybersecurity would certainly reduce the fallout of ransomware attacks.”
Sharing a relatively similar sentiment, Du Jun, co-founder of cryptocurrency exchange Huobi, told Cointelegraph that it is the responsibility of every government to prevent Anti-Money Laundering (AML) as well as Combating the Financing of Terrorism (CFT) within their borders, adding that it is only natural for the U.S. government to have taken the regulatory actions it has to regulate its crypto market. He added:
“It is difficult to deal with cryptocurrencies as a payment method, given the lack of clarity regarding responsibility for AML/CFT compliance and the lack of a central oversight body. These actions may introduce challenges to crypto businesses but will be good for the ecosystem in the long run, protecting investors from uncertainty and fostering a better business environment.”
Lastly, he opined that in addition to supervision alone, the American government ought to also allocate more resources to encourage the growth of new businesses within this space, making the country more competitive and appealing to crypto enthusiasts.
The spending is justified
Taking a more numbers-oriented approach to the matter, Marie Tatibouet, chief marketing officer for cryptocurrency trading platform Gate.io, told Cointelegraph that in 2020, the total ransom paid by cyberattack victims reached nearly $350 million worth of crypto. With that figure in mind, she added:
“This number is inevitably going to keep increasing year on year. So Warren’s ‘Ransom Disclosure Act’ on paper makes sense. If you are a victim, you must disclose information about ransom payments no later than 48 hours after the payment date.”
That said, she did acknowledge that the primary issue that most people have with the U.S. government is that, of late, Biden and company have been cracking down very hard on the crypto industry via the introduction of the recent infrastructure bill, as well as other sanctions. “So, it is understandable why people have been a little cautious about anything that the government does,” Tatibouet added.
Sergey Zhdanov, chief operating officer for digital currency trading platform EXMO, told Cointelegraph that the measures taken by the U.S. confirm the fact that regulatory authorities are not looking to ban cryptocurrencies (the way China did) but rather want to carve out a way through which digital assets can be incorporated into the traditional financial system. He then went on to state:
“Coming up with new effective methods to stop the illegal use of cryptocurrencies and money laundering is a crucial step that will take the crypto industry to its next level of development.”
Increased regulations a win-win for everyone?
Hunain Naseer, senior editor for OKEx Insights, told Cointelegraph that the regulatory efforts being initiated globally seek to usher in a level of clarity to this space that can help make it easier for investors to enter this fast-growing space with complete peace of mind. He further expounded on the subject by saying:
“It makes sense to focus on such initiatives that make online interactions and commerce, including cryptocurrency transactions, safer for all. These steps will also contribute toward regulators allowing a wider variety of crypto-based financial products for retail.”
Nischal Shetty, founder of cryptocurrency exchange WazirX, told Cointelegraph that any regulatory steps that seek to track and eliminate criminal activities should always be welcome, especially in an industry as fast-growing as this.
In his view, the rationale behind such movements seems to quite clearly be rooted in governments ultimately wishing to protect consumers without stifling innovation, adding: “For crypto, it’s an even more of a positive sign as this proves that digital asset innovation can thrive while ensuring criminal activities are identified and eliminated.”
Furthermore, On Oct 5. blockchain analytics firm Chainalysis announced that it had facilitated the purchase of cybercrime investigative company Excygent for an undisclosed amount, hinting that the buyout will enable the two firms to work together and “dismantle ransomware operations” that may be active globally.
In the past, Chainalysis has collaborated with Excygent on the seizure of cryptocurrency connected to the now-defunct darknet market Silk Road, as well as in the shutting down of various terrorism and child abuse portals operating online.
In general, crypto native blockchain analytics firms have grown to accrue support not only from the U.S. government but also a number of significant private players, with CipherTrace being bought out by a mainstream entity — in this case like MasterCard — earlier this year.
What is the future of ransomware crime?
As the crypto landscape continues to evolve and grow, Chainalysis CEO Michael Gronager believes that tracing the flow of ransomware payments on the blockchain will be instrumental for law enforcement agencies to deter, analyze and dismantle any ransomware operations in existence today, as he told Cointelegraph:
“As paradoxical as it seems, it can actually be beneficial to investigators when bad actors choose to use cryptocurrency when committing crimes.”
In this regard, it is pertinent to mention that hackers have become wise to the fact that, contrary to what people keep reiterating like crypto is totally anonymous, it is in fact actually extremely easy to trace individual transactions back to their owners, since all records and transitions are maintained on a blockchain.
Additionally, amid the slew of recent big hack stories such as the ones related to Poly Network and SushiSwap, the interesting thing is that the incidents did not result in the platform or its users losing any money, as companies and regulators stepped in to secure the movement of funds through the blockchains. And while that may be bad for the notion of decentralization, the fact of the matter remains that the funds are safe.
Gronager further alluded to cases such as NetWalker, a ransomware operator who allegedly targeted hospitals during the pandemic and collected more than $25 million from ransom payments in 2020, as well as Suex OTC, a firm that allegedly allowed hackers to access crypto sent as payment for ransomware attacks, as prime examples of why increased defense against ransomware is needed in this day and age.
Thus, the fact that regulatory agencies are making decisive steps to focus on crypto ransomware-related initiatives, is not unilaterally welcomed by everyone in the crypto industry. While some believe more can be done to make the digital asset ecosystem safer for newer entrants through the use of regulation, others say that the role of ransomware in crypto is overblown and that tight regulation will stifle freedoms and worsen the image of the industry.
However, most agree that ransomware has no place in the industry and that regulation, if done right, will go a long way toward securing the industry and ensuring long-term prosperity and adoption.