US provides international forum for action to stamp out ransomware attacks

via Flickr © Keith Cooper (CC BY 2.0)

via Flickr © Keith Cooper (CC BY 2.0)

  • Governments now regard ransomware as a tool of terrorism and will respond accordingly
  • The Counter-Ransomware Initiative will comprise members from at least 30 countries 
  • Aim is to improve law enforcement cooperation, stop attacks, extortion and the illicit use of crypto-currencies 
  • Enforcement agencies getting better at tracking down the perpetrators

At last there is an international movement to tackle the scourge of cybercrime in general and ransomware attacks in particular. The initiative will see security specialists from 30 countries gathering online later this month to meet virtually with US National Security Advisors for substantive discussions on how to combat ransomware incursions and other cyber-attacks. Announced by US President Joe Biden, the meeting will be held under the aegis of the White House National Security Council with the goal of "improving law enforcement collaboration" on ransomware and the “illicit use of cryptocurrency.” Ransomware extorters are often paid in bitcoin.

The Biden administration is acutely aware of the perils of cyber-attacks having, just this year, to deal with incursions by groups that encrypted vital data and threatened to bring down essential US energy and food supply systems unless a ransom was paid. Several of them were successful and millions of dollars were paid to get systems and services back on line.

Joe Biden said, “The goal of the alliance will be to accelerate our cooperation in combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically.” Meanwhile, Jake Sullivan, the President’s National Security Advisor told CNN, “Cyber threats affect the lives and livelihoods of American families and businesses. We will continue to build on our whole-of-government effort to deter and disrupt cyberattacks." There will also be a sharp focus on “the misuse of virtual currency to launder ransom payments'' while US authorities will "investigate and prosecute ransomware criminals.”

The new international alliance, the “Counter-Ransomware Initiative” (CRI) will look at how ransomware attacks, threatening the economies, social cohesion and the national security of many nations, are made, from where they originate and emanate, how that may be prevented and the how the malign actors behind the incursions can be brought to book. Currently an “informal group, it is hoped that the CRI will mature and evolve into a formal international body that will cooperate to oppose, defend against and go on the offensive against cyber criminals, state-sponsored, organised crime or malign individuals.

Many ransomware attacks are kept secret by the companies and organisations that have been subject to them and ransoms have been paid. Indeed. Some ransoms have been paid twice or more when cyber-criminals returned to their victims and hit them again. That reluctance to admit an attack has happened and the willingness to pay ransoms is why Joe Biden says, “the Federal government needs the partnership of every American and every American company in these efforts.” Currently he’s not getting it, well, at least not from all the players and plans are afoot to make that co-operation a legal requirement.

Decentralised crypto currency transactions are difficult, but not impossible, to trace

The US government and the Treasury regard ransomware as a type of terrorism and, having been hit hard and often itself, is determined to tackle the problem head-on. The Secretary to the US Treasury, Janet Yellen, says, “Ransomware and cyber-attacks are victimising businesses large and small across America and are a direct threat to our economy. We will continue to crack down on malicious actors. As cyber criminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks.”

Because, by their very nature, cryptocurrency transactions are decentralised, they are difficult to trace but various agencies in the US (and presumably in other parts of the world) are working to change that. To that end, and for the first time, the Department of the Treasury recently took action to stop cryptocurrency transactions related to ransom money laundering when it hit SUEX OTC, (a crypto-currency transfer outfit headquartered in the Czech Republic but operating from Russia) with an array of sanctions effectively stopping all transfers in and through the US and elsewhere.

The move came after the Treasury said it had irrefutable evidence that SUEX had “facilitated transactions involving illicit proceeds from at least eight ransomware variants” and that the company was doing so “for their own illicit gains.” The US authorities say ransomware payments topped $13 million since SUEX began trading in late 2018 with an additional $24 million coming in from other cyber-attacks and scams.

US Treasury statistics show that known ransomware payments by US companies and organisations were $100 million in 2019 and $400 million in 2020. And those are just the tip of the iceberg because most companies never acknowledge that they have been attacked and have then paid up. In a statement the Treasury says, “The U.S. government estimates that these payments represent just a fraction of the economic harm caused by cyber-attacks, but they underscore the objectives of those who seek to weaponise technology for personal gain: to disrupt our economy and damage the companies, families, and individuals who depend on it for their livelihoods, savings, and futures. In addition to the millions of dollars paid in ransoms and recovery, the disruption to critical sectors, including financial services, healthcare, and energy, as well as the exposure of confidential information, can cause severe damage.”

That’s why the Treasury's Office of Foreign Assets Control (OFAC) says that, in due course, sanctions will be imposed on companies found to have made ransomware payments. The statement doesn’t mince words: “OFAC may impose civil penalties for sanctions violations based on strict liability, meaning that a person subject to US jurisdiction may be held civilly liable even if such person did not know or have reason to know that it was engaging in a transaction that was prohibited under sanctions laws and regulations administered by OFAC.” 

Meanwhile, the government recommends that businesses and organisations design and implement risk plans to mitigate possible ransomware attacks and strongly advise that no ransom should be paid either by a business or anyone else. Furthermore, those suffering a ransomware incursion are exhorted to report the attack to agencies such as the FBI, the Secret Service, and the US Treasury Office of Cybersecurity and Critical Infrastructure. As OFAC says, “By reporting ransomware attacks as soon as possible, victims may increase the likelihood of recovering access to their data through other means, such as alternative decryption tools, and in some circumstances may be able to recover some of the ransomware payment. Additionally, reporting ransomware attacks and payments provides critical information needed to track cyber actors, hold them accountable, and prevent or disrupt future attacks.”

The US says state-sponsored actors, organised crime gangs or individuals are engaged in “malicious cyber activity”. The most pernicious of them operate from China, Iran, North Korea and Russia. No-one expects the attacks to stop entirely, indeed, that many even increase before they decline, but it is hoped that concerted international collaboration will eventually lessen their frequency and result in severe sanctions being imposed on the individuals, groups and states involved in cyber extortion. These-will include seizure of property and assets and long-term imprisonment for those individuals convicted of cyber-crimes.

Email Newsletters

Sign up to receive TelecomTV's top news and videos, plus exclusive subscriber-only content direct to your inbox.