Target crypto ransomware payments with sanctions

The administration has focused enforcement efforts on the primary sources of the attacks, which both private sector and government analysts say are in Russia and former Soviet satellite nations where Moscow exerts strong political influence.

Crypto analytics firm Chainalysis said the digital paper trail of blockchain transactions associated with ransomware payments shows most were paid into accounts in the former Soviet Union states of Eastern Europe.


The Biden administration also has been seeking to internationalize the struggle against ransomware.

That collaboration follows a vow late last year by the leaders of the Group of Seven wealthiest democracies to collectively act against ransomware, citing the crypto payments in particular.

Though many U.S.

U.S. to target crypto ransomware payments with sanctions

Tornado Cash was used for smaller heists too, according to the firm, including a July attack on non-fungible token (NFT) platform OMNI to steal 1,300 ETH, worth $1.4 million at the time.

“This is not the first time the Treasury has focused on mixers – they designated in May – but Tornado Cash has been the mixer of choice for North Korea and other cybercriminals and taking it out has clearly been a national security priority for the US government.”

The Lazarus Group has also used in order to process over $20.5 million in illicit proceeds funneled from a $620 million virtual currency heist of a blockchain project linked to online game Axie Infinity.

The Treasury Department declined to comment.

These proposed measures would be the Biden administration’s most significant move to address the wave of ransomware attacks that have only grown in scale and frequency over the last year. In May, one of the largest US pipelines, Colonial Pipeline, was taken offline after a ransomware attack.
The company paid more than $4 million in ransom to the attackers in order to bring the pipeline back online. Earlier this month, Howard University closed after a ransomware attack interrupted the school’s computer and technology services.

In May, President Biden signed an executive order making it easier for government and private sector businesses to share information in the wake of cyberattacks.

Beyond the Lazarus Group, was utilized to help facilitate money laundering for various ransomware groups like Trickbot, Conti, Ryuk and Gandcrab, according to the Office of Foreign Assets Control (OFAC). However, while was a centralized mixer, Tornado Cash is a decentralized service and combines users’ crypto through a series of smart contracts that are controlled by an anonymous community of token holders.

While this gives users further anonymity, it also presents more challenges for law enforcement.

The U.S. government’s strategy to crack down on ransomware has included targeting illicit cryptocurrency transactions, including ones that transfer ransomware proceeds.

Leaders must work together to readily share information, develop prosecution agreements for cybercriminals and impose sanctions against rogue nations that harbor cyber pirates.

  • Don’t Pay the Ransom

    Law enforcement agencies encourage individuals and organizations not to pay fees to cybercriminals. However, many organizations choose to pay anyway to restore their data ASAP and protect their data, people, and reputation. Before paying criminals any money, keep in mind that:

    • What appears to be ransomware may actually be scareware; a fake attack.
    • Criminals may take your money and run without restoring your data.
  • In fact, data breaches cost companies an estimated $4.24 million per incident on average — a 17-year high (Fox Business).

    No industry is immune to the attacks; the following paid ransoms via cryptocurrency in 2020 and 2021:

    • The Colonial Pipeline, providing approximately half of the fuel supply for the East Coast, paid hackers $4.4 million in cryptocurrency. The company shut down the pipeline and paid the ransom the day they received the threatening note.
      It took six days to get up and running again.
    • The world’s largest meat processing company, JBS, paid an $11 million ransom to cyber thieves. They were forced to stop operations at 13 of their plants by a Russian ransomware gang.

    At a meeting between the two leaders in July, Mr. Biden warned that he would take “any action necessary” to defend the U.S. against ransomware emanating from within Russia’s borders.

    The summit was followed by bilateral talks between senior U.S. and Russian officials, but those negotiations have yielded little progress, senior administration officials say.

    “There is no indication that the Russian government has taken action to crack down on ransomware actors that are operating in the permissive environment they have created there,” FBI Deputy Director Paul Abbate said Tuesday at an intelligence conference.


    Treasury in late 2019 tied Russian intelligence to a company, Evil Corp., that private-sector analysts have since tagged as the creator of two major ransomware programs.

    The government has also announced an array of new programs to better target illicit virtual payments, including the DoJ’s National Cryptocurrency Enforcement team, which investigates DoJ cases involving the criminal use of cryptocurrency; and the FBI’s Virtual Asset Exploitation Unit, a specialized team of cryptocurrency experts that will provide support and training for the FBI.

    Ari Redbord, head of Legal and Government Affairs with TRM Labs, said the new sanctions represent a message to other crypto mixing services “that they need to bake in compliance controls to thwart money laundering.”

    “Today’s action against Tornado Cash is OFAC’s most impactful action to date in the crypto space,” said Redbord. “The size and scale of Tornado Cash makes it a big target for Treasury and for illicit actors who have moved billions of laundered funds through the service.

    You can purchase cryptocurrency using real money.

    “Cryptocurrency is a form of digital payment you can use to purchase goods and services online.”

    These companies use blockchain technology, spread across many different computers that manage and record transactions. It’s a highly secure form of technology; however, it’s also anonymous and hard to trace, making it extremely attractive to cybercriminals today.

    Why is Cryptocurrency Used for Ransomware?

    Using cryptocurrency, cybercriminals can transport vast amounts of money across international boundaries within seconds.

    The Biden administration is preparing to issue a series of actions, including sanctions, to make it more difficult for hackers to profit off of ransomware attacks through the use of digital currency, as first reported by the Wall Street Journal on Friday.

    According to the Journal, the Treasury Department plans to impose these new sanctions as soon as next week. The sanctions would reportedly target specific traders and cryptocurrency exchanges, in the hope of deterring exchanges from processing these transactions when they’re made.
    The department will also issue new guidance for businesses regarding the risks they take on by complying with ransomware payment requests.
