Information gathering and handling was one of the main topics of the United States Senate Committee on Homeland Security and Governmental Affairs (HSGAC) hearing titled “Rising Threats: Ransomware Attacks and Ransom Payments Enabled by Cryptocurrency”. The committee hosted a panel of experts from the private sector who discussed the problem of ransomware attacks and the challenges of collecting and using the information needed to combat them.
The Chairman of the Committee, Gary Peters of Michigan, who introduced the Strengthening America Cybersecurity Act in February, said the government lacks enough data to even understand the scope of the threat posed by ransomware attacks. The attackers almost exclusively ask for payment in cryptocurrency, he added.
To quantify the problem, various figures have been given. Chainalysis’s Head of Cyber Threat Intelligence, Jackie Burns Koven said the company had identified a record $712 million paid to attackers in 2021, with 74% of the money going to threat actors in Russia or with ties to the nation. The median payout was $121,000, and the median payout was $6,000. Attackers often use a ransomware-as-a-service business model.
Ransomware is an extortion technique, and it existed before cryptocurrencies, said the strategy director of the Institute of Security and Technology, Megan Stifel, and the CEO of Coveware, Bill Siegel. Knowing what information to collect when an attack occurs and how to organize the information is a significant challenge for security forces, Siegel added.
Information gathering is often “a mess at the worst possible time”, said committee member James Lankford of Oklahoma. Multiple agencies later require overlapping, but not identical, data from victims of an attack, and prosecution of the case can then take years. These factors, along with concerns that attackers will not release an encryption key if law enforcement becomes involved, explain much of the hesitation victims have in reporting attacks.
Stifel suggested that designating a single agency to receive and classify data after an attack would improve information gathering, especially if the companies established a relationship with that body before the attack.
Koven said that blockchain analysis can provide “immediate insight into the network of wallet addresses and services (e.g. exchanges, mixers, etc.) that assist the illicit actor,” as opposed to the lengthy processes of traditional financial investigation.
US government sanctions imposed on ransomware actors and their enablers are highly effective, Koven continued, pointing to the sanctions imposed on the Russian cryptocurrency exchange Garantex and the operator Suex as examples. Money flows “fall almost to zero” after the sanctions, Koven said. In addition, blockchain analytics can track attackers' name changes, and Chainalysis has developed technology to track funds through cryptocurrency mixers.