US to Unveil Sanctions on Use of Cryptocurrency for Ransoms
Report: Treasury Department to Announce Sanctions as Early as This Week
As early as this week, the Biden administration may unveil plans to curtail the ransomware attacks that have crippled corporate networks this year. According to a report from The Wall Street Journal, the Treasury Department will announce sanctions and similar guidance designed to disrupt the financial infrastructure that has enabled ransomware attacks to date.
According to the Journal, the agency is considering levying fines and other penalties on businesses that cooperate with hackers - including exchanges and mixer services that may allow cybercriminals to launder illicit funds.
Officials familiar with the administration's plans tell the Journal that the sanctions may target specific entities and actions conducted over distributed ledgers and not the wider, emerging asset class, thus addressing ongoing concerns from some crypto advocates and industry watchers who say regulatory overreach will stifle financial innovation.
Nonetheless, officials reportedly say this action aims to serve as a deterrent against fulfilling ransom demands - and could focus on both the digital wallets that house ransom payments and the platforms that help obfuscate the funds.
Treasury Department officials are also expected to implement additional anti-money laundering and terror-financing regulations later this year to reduce the role cryptocurrencies play in ransom payouts and other illicit activity on the darknet.
The reported sanctions may represent the most stringent anti-ransomware policies to date as the Biden administration attempts to weaken certain digital finance features that have facilitated anonymous extortion - sometimes even double or triple extortion - efforts by cybercriminals amid crypto-locking attacks.
The Treasury Department and White House did not immediately respond to Information Security Media Group's request for more information.
Experts Weigh In
According to Mike Hamilton, former vice chair for the Department of Homeland Security State, Local, Tribal, and Territorial Government Coordinating Council and currently CISO for Critical Insight, sanctions may "not completely break the backs of the ransomware gangs," but show that "the Biden administration has become a 'black belt' at the use of market forces to create change in both the carrot of the public purse and the stick of business sanctions."
Frank Downs, a former NSA offensive analyst, tells ISMG, "Implementing sanctions in a smart, targeted manner against marketplaces with proven disregard for accountability aims to tackle one of cryptocurrency's biggest inherent dangers: money laundering."
Downs, currently the director of proactive services for the security firm BlueVoyant, adds, "By targeting those specific companies and marketplaces, the administration would illustrate its desire to try and not throw the baby (crypto) out with the bath water."
He notes that certain exchanges do not ask for proof of identification, or provide transaction data for tax reporting purposes. This "allows nefarious users to operate with an additional level of secrecy and obfuscation."
Other experts are not as optimistic. John Bambenek, principal threat hunter at the security firm Netenrich, says: “Trying to penalize people paying for ransoms has never worked and has no hope of success. More importantly, you are telling businesses that it is more important for them to close than to continue operating.”
Disruptive Efforts in the Works
Activity from the Biden administration to disrupt ransomware attacks follows a string of devastating incidents that began in May, all involving Russian-language groups. Conti hit Ireland's National Health Service; DarkSide disrupted U.S.-based Colonial Pipeline, causing consumers to panic-buy fuel; and REvil - aka Sodinokibi - attacked meat processing giant JBS as well as remote management software firm Kaseya. The latter attack resulted in more than 1,500 organizations' systems being forcibly encrypted and held to ransom.
Biden met with Russian President Vladimir Putin in a June summit in Geneva in which he detailed several critical infrastructure sectors that must remain off-limits to criminal hackers. He said he warned Putin that if Russia failed to act, the U.S. reserved the right to do so.
During a panel at the Intelligence and National Security Summit last week, FBI Deputy Director Paul Abbate said, "Based on what we've seen, I would say there is no indication that the Russian government has taken action to crack down on ransomware actors that are operating in the permissive environment that they have created there" (see: Russia Has Taken No Action to Combat Ransomware, FBI Says).
In addition to the Geneva summit, other White House efforts to undermine ransomware's effectiveness include the launch of a joint ransomware task force, and diplomatic efforts from Anne Neuberger, the deputy national security adviser for cyber and emerging technology, to combat cybercrime. Also, the country's first-ever national cyber director, Chris Inglis, now leads the administration's efforts to improve cyber resilience of U.S. organizations and its government agencies.
In May, Biden also issued an executive order on cybersecurity that covers a host of issues and describes how government agencies should evaluate the software they buy. It mandates that executive branch agencies deploy multifactor authentication, endpoint protection and response, and encryption. And it calls for agencies to adopt "zero trust" architectures and more secure cloud services.
The goal, White House officials said, is to modernize the government's IT infrastructure while creating standards to help combat cyberattacks - including ransomware incidents (see: Biden's Cybersecurity Executive Order: 4 Key Takeaways).