Sanctions Take Toll on Laundering Tools Used by Ransomware Gangs
U.S. sanctions in recent months have hammered a handful of cryptocurrency services used by ransomware groups, suggesting Washington can effectively target some tools hackers use to convert digital ransom payments into cash.
The Treasury Department since last year has sanctioned at least three Russia-based crypto exchanges, as well as a mixing service hackers allegedly used to help launder dirty money, barring U.S. companies from transacting with them.
“Sanctions have been catastrophic to their business, severely damaging their operations,” said Jackie Koven, head of cyber threat intelligence at Chainalysis Inc., which analyzes crypto transactions across public ledgers known as blockchains. Ms. Koven and other ransomware experts spoke Tuesday before the Senate Homeland Services and Government Affairs Committee.
The moves took aim at the financial infrastructure supporting ransomware attacks, in which loosely organized gangs shake down businesses for hundreds of millions of dollars annually. Despite Treasury’s apparent impact on specific money laundering tools, cybersecurity experts are uncertain whether sanctions and other policy measures by Washington have reduced such cyberattacks more broadly.
The Treasury Department in September sanctioned Suex OTC in the first such action against a crypto exchange. Deputy Treasury Secretary Wally Adeyemo said at the time that was a warning to other exchanges the Biden administration would “disrupt and deter these criminals by going after their financial enablers.”
Similar measures followed since then against Chatex and Garantex. Operating out of the same tower in Moscow, the three exchanges were prime destinations for ransomware groups trying to move illicit funds, the Treasury said.
In another first, the agency in May sanctioned cryptocurrency mixer Blender.io. North Korean hackers allegedly sent $20.5 million of stolen digital currency to the service to try to swap the dirty money for clean funds.
“What we saw as a result of these designations, especially against Suex, is that deposits dropped nearly to zero as soon as the designations rolled out,” Ms. Koven said.
The sanctions are part of a new and fast-expanding web of Treasury Department designations intended to curb ransomware groups’ profits.
Andrea Gacki, director of the agency’s Office of Foreign Assets Control, said her team has sanctioned more than 300 virtual-currency addresses, making them off-limits for U.S. businesses.
“And we will continue to expose more,” she said, speaking at a Chainalysis blockchain conference last month.
The measures increase potential legal risks for hacked U.S. companies paying ransom to unlock computer systems. Treasury’s advice that companies report payoffs has also led to new compliance protocols among third-parties such as insurers, said Michael Phillips, chief claims officer for cyber-insurance company Resilience.
“I will say that there is substantial confusion about the state of the regime on that level,” he said Tuesday at the RSA Conference in San Francisco.
Some hackers, meanwhile, are changing ransomware tactics to confuse victim companies and to continue drawing payments. Such attacks continue to slam U.S. businesses, security experts say, with some hacker groups increasingly working in smaller cells, rotating malware variants or employing different crypto tools to conceal their identities.
At Tuesday’s Senate hearing, Megan Stifel, chief strategy officer at the Institute for Security and Technology think tank, said sanctions are one tool among many in Washington’s cyber arsenal. She added that a recently approved law requiring many critical-infrastructure companies to report ransomware payments to the Department of Homeland Security will provide Treasury much-needed data to identify additional targets.
“Without an adequate picture of the scale and scope of this type of cybercrime, it inhibits the governments’ ability to identify and develop that sanctions package,” she said.
Article credit: https://www.wsj.com/articles/sanctions-take-toll-on-laundering-tools-used-by-ransomware-gangs-11654637128