By David Uberti and James Rundle
The Biden administration is examining cryptocurrency's role in
recent hacks that have disrupted important U.S. industries
including healthcare, fuel and food, exploring new ways to track
victims' payouts to foreign ransomware gangs.
White House officials this week said they are pushing to better
trace ransomware payments, which hackers demand to unlock
companies' data.
The move came after a cyberattack this weekend caused meat
processor JBS SA to pause production at U.S. and Australian plants.
That incident followed last month's hacks of Colonial Pipeline Co.
and Scripps Health in San Diego, showing how such extortion schemes
can snarl the U.S. economy and disrupt daily life.
The White House didn't respond to requests for details on its
approach to tracking the transactions or whether additional
regulation is in the works.
In a letter to business leaders Wednesday, Deputy National
Security Adviser Anne Neuberger said U.S. officials are working
with international partners on consistent policies for when to pay
ransoms and how to trace them.
Hackers ask for ransoms in cryptocurrency because it is
difficult to pursue across digital wallets and national borders.
U.S. officials discourage companies from paying ransoms, but many
do so when losing data would cripple their businesses. Paying
hackers who are affiliated with sanctioned entities, however, risks
penalties from the Treasury Department.
Some cybersecurity experts say the spate of attacks underscores
the need for a more aggressive approach to monitoring crypto
payments. In April, a task force of major tech companies and U.S.
officials called for governments to enforce know-your-customer
rules, similar to Treasury regulations, to improve transparency and
accountability of bitcoin and other digital money.
"There are some responsibilities that come with being a
responsible, mature currency in the world," said Michael Daniel, a
former Obama administration official who is now chief executive of
the Cyber Threat Alliance, a nonprofit intelligence-sharing
group.
But hackers and the exchanges that process their payouts often
operate overseas, limiting Washington's regulatory power. Improved
oversight of cryptocurrency exchanges abroad, which some cyber
experts say face lower regulatory standards, could require
international cooperation or pressure.
Ransomware specialists, however, are skeptical that restrictions
on bitcoin payments or tighter regulations will slow the growth in
ransomware. Restrictions on individual digital currencies such as
bitcoin mean criminals will just switch to another, less-regulated,
currency, and any regulation strong enough to deter payments to
criminals will take a long time to develop, said Lior Div, chief
executive of cybersecurity firm Cybereason Inc., which develops
software designed to combat ransomware.
Prominent U.S.-based cryptocurrency exchanges say they use
strong controls to prevent money laundering and identify clients.
Marco Santori, chief legal officer for Payward Inc.'s Kraken
cryptocurrency exchange, said Kraken's controls are equal to those
at major banks, and that large exchanges are in frequent
communication with regulators.
"There's this meme out there that crypto is unregulated and
crypto participants don't engage with the government. It just
couldn't be further from the truth," he said.
Businesses including Colonial -- which paid $4.4 million in
bitcoin to a gang known as DarkSide, believed to be in Eastern
Europe -- often make such payments to avoid costly outages of their
computer networks or the hard work of restoring systems from backup
data.
A representative for JBS didn't respond to requests for comment.
A spokeswoman for Scripps Health declined to comment.
Victims that pay ransoms typically engage third-party brokers
such as Chicago-based DigitalMint to convert their cash to
cryptocurrency. DigitalMint officials said they collect standard
know-your-customer data on clients and check hackers' digital
wallets for potential overlap with sanctioned entities in countries
such as Russia, where many ransomware groups operate.
Payments made by DigitalMint tend to go directly to overseas
markets. "A lot of what we see ends up at these big foreign
exchanges," said Seth Sattler, DigitalMint's director of
compliance.
Ransomware groups often spread cryptocurrency among many digital
wallets to disguise themselves and to hide potential connections
with sanctioned entities, Mr. Sattler said.
The Financial Crimes Enforcement Network, a part of the Treasury
Department known as FinCEN, has proposed additional rules in
December for many cryptocurrency transactions, requiring U.S.-based
banks and money-service businesses to vet some customers and report
transactions over $10,000.
Dmitri Alperovitch, chairman of the Silverado Policy
Accelerator, a think tank, said the FinCEN regulators should also
require companies to report the exchanges they use. That
information could help Treasury pinpoint which exchanges or
affiliated entities to target with sanctions, he said.
"Virtually every exchange around the world is dealing in some
form or fashion with U.S. currency," Mr. Alperovitch said. "The
U.S. could absolutely pressure all of them through sanctions and
the like to adopt the same policies."
A spokeswoman for the Treasury Department said it received over
7,000 comments on the proposed rule, and is working with the
concerned parties to ensure the final regulation balances costs and
benefits to the public and private sectors. The department is
monitoring emerging risks in this area daily, the spokeswoman
added.
Some ransomware victims and their cybersecurity consultants
voluntarily report to law enforcement data about ransom payments,
such as dates, wallet addresses and amounts, said Bill Siegel,
chief executive of Coveware Inc., a firm that helps clients respond
to incidents and negotiate with attackers.
"It's just a question of what they [law-enforcement officials]
do with it," he said. "There's nothing from a regulatory
perspective that I think would be effective in this, outside of
creating a broad mandatory reporting requirement for victims of
ransomware.
Write to David Uberti at david.uberti@wsj.com and James Rundle
at james.rundle@wsj.com
(END) Dow Jones Newswires
June 03, 2021 18:49 ET (22:49 GMT)
Copyright (c) 2021 Dow Jones & Company, Inc.
JBS (QX) (USOTC:JBSAY)
Historical Stock Chart
From Oct 2024 to Nov 2024
JBS (QX) (USOTC:JBSAY)
Historical Stock Chart
From Nov 2023 to Nov 2024
