These are two of 48 recommendations made by a task force in a report Thursday to the Biden administration aimed at fighting the continuing ransomware episodes that plague major corporations, local governments and health-care providers across the world. The task force, organized by the Institute for Security and Technology, said the cyber-attacks have become a $350 million criminal industry -- a four-fold increase from the previous year. Last week, the U.S. Justice Department created its own, independent ransomware task force, signaling growing awareness inside the U.S. government of the now decade-old threat.
Ransomware is a type of malicious code that typically encrypts a victim's data or network of computers. The hackers then demand a ransom to decrypt the information. More recently, ransomware gangs have also stolen data and threatened to make it public unless the victim pays a fee.
The FBI encourages organizations to refuse to pay hackers, but many victims end up doing so because the costs of the attacks can outweigh the ransom demand. Ransomware attacks have forced hospitals to postpone critical treatment, energy providers to cut off power supplies and schools to stop teaching. In some instances, lives are at stake, said Kemba Walden, an attorney in the Digital Security Unit at Microsoft.
The report was born from months of consultations among cybersecurity experts at Palo Alto Networks Inc., researchers at Chainalysis Inc. and law enforcement agencies in the U.S., U.K. and Canada, among others. The recommendations include five priorities deemed to be "foundational and urgent," including a push to use diplomatic channels and law enforcement across the world to dissuade countries from becoming "safe havens to ransomware criminals."
"Most ransomware criminals are based in nation-states that are unwilling or unable to prosecute this cyber crime, and because ransoms are paid through cryptocurrency, they are difficult to trace," according to the report. "This global challenge demands an 'all hands on deck' approach, with support from the highest levels of government."
John Demers, U.S. assistant attorney general for national security, told reporters this week that ransomware as a cybercrime is no longer limited to independent cartels seeking to hold victims hostage for profit. Instead, nation-states may be using the attacks as a tool to disrupt government or private operations.
Earlier this month, for instance, the U.S. Treasury Department sanctioned Russian entities for helping to facilitate cyber-attacks and tied a Russian intelligence agency to a notorious ransomware group known as Evil Corp.
The report also outlines methods to regulate and control the economic backbone of the ransomware business: cryptocurrencies. Payments between hackers and their victims occur in the largely unregulated realm of digital currency, which makes it harder for investigators to trace the funds and identify the criminals. The task force calls for governments to require cryptocurrency exchanges and trading desks to enforce basic "know your customer," anti-money laundering and counter-terrorism financing laws.
These rules could help law enforcement identify the nexus of ransomware cartels and the individuals getting rich from ransom payments, said Don Spies, director of market development for Chainalysis.
"I firmly believe cryptocurrencies are a new asset class. They're now part of the overall financial system," Spies said. "So, too, is ransomware, and it's not going away. But I believe these recommendations can go a long way to combating a problem that's out of control."
Published: April 30, 2021
By: Syndication Washington Post, Bloomberg · Kartikay Mehrotra