Dive Brief:
- Cybercriminals are increasingly turning to cryptocurrency as their preferred form of payment because it allows instantaneous, liquid and borderless movement of funds, whether to purchase hacking tools, to extort payments from organizations or for other purposes, Gurvais Grigg, global public sector CTO at Chainalysis, said at the MIT Technology Review CyberSecure conference.
- While cryptocurrency is often thought to be untraceable, it leaves an immutable record of transactions that law enforcement and regulators can follow, according to Grigg. But authorities are only beginning to map the criminal networks and facilitators behind ransomware, money laundering and other illicit activity on the Dark Web.
- Rogue foreign regimes, authoritarian states, criminal groups and even domestic extremist groups are embracing crypto as a means of moving money quickly and evading sanctions and traditional regulatory detection, Grigg said. To keep pace, investigators need to increase their crypto literacy.
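The tracing point above rests on the ledger being public and append-only: once a ransom lands at an address, every later spend from that address is visible, so an analyst can walk the graph forward until the funds hit a service that holds identifying records. The following is an added example, not code from the article or from Chainalysis, showing the simplest form of that forward trace over a constructed toy ledger. The transaction records, addresses and the `KNOWN_SERVICES` attribution labels are all made up for illustration.

```python
from collections import deque

# Constructed sample ledger (not real transactions). Each entry lists the
# addresses a transaction spends from and the (address, amount) outputs it creates.
SAMPLE_LEDGER = [
    {"txid": "tx1", "inputs": ["victim_addr"],        "outputs": [("ransom_addr", 75.0)]},
    {"txid": "tx2", "inputs": ["ransom_addr"],        "outputs": [("hop_a", 40.0), ("hop_b", 34.9)]},
    {"txid": "tx3", "inputs": ["hop_a"],              "outputs": [("exchange_deposit_1", 39.9)]},
    {"txid": "tx4", "inputs": ["hop_b", "unrelated"], "outputs": [("hop_c", 50.0)]},
    {"txid": "tx5", "inputs": ["hop_c"],              "outputs": [("exchange_deposit_2", 49.9)]},
    {"txid": "tx6", "inputs": ["clean_addr"],         "outputs": [("exchange_deposit_1", 5.0)]},
]

# Hypothetical attribution labels, of the kind an analytics provider or an
# exchange's own KYC records would supply. Entirely constructed for this example.
KNOWN_SERVICES = {"exchange_deposit_1": "ExchangeA", "exchange_deposit_2": "ExchangeB"}


def build_spend_index(ledger):
    """Map each address to the list of transactions that spend from it."""
    index = {}
    for tx in ledger:
        for addr in tx["inputs"]:
            index.setdefault(addr, []).append(tx)
    return index


def trace_forward(ledger, start_addr, max_hops=10):
    """Breadth-first walk of the spend graph starting at start_addr.

    Returns {address: (hops, [txids on the path])} for every address that
    received tainted output. Uses the simple 'poison' rule: every output of a
    transaction that spends any tainted input is treated as tainted.
    """
    spends = build_spend_index(ledger)
    reached = {start_addr: (0, [])}
    queue = deque([start_addr])
    while queue:
        addr = queue.popleft()
        hops, path = reached[addr]
        if hops >= max_hops:
            continue
        for tx in spends.get(addr, []):
            for out_addr, _amount in tx["outputs"]:
                if out_addr not in reached:  # first (shortest) path wins
                    reached[out_addr] = (hops + 1, path + [tx["txid"]])
                    queue.append(out_addr)
    return reached


def service_touchpoints(ledger, start_addr, known_services):
    """Which labeled services received tainted funds, and via which transactions.

    These are the points where a subpoena or an exchange's compliance team
    can attach a real-world identity to a chain of addresses.
    """
    reached = trace_forward(ledger, start_addr)
    return {
        addr: {"service": known_services[addr], "hops": hops, "path": path}
        for addr, (hops, path) in reached.items()
        if addr in known_services
    }


if __name__ == "__main__":
    for addr, info in service_touchpoints(SAMPLE_LEDGER, "ransom_addr", KNOWN_SERVICES).items():
        print(f"{addr} ({info['service']}): {info['hops']} hops via {' -> '.join(info['path'])}")
```

Two caveats a practitioner should keep in mind. The poison rule deliberately over-taints: `tx4` mixes the ransom change with an unrelated input, so `hop_c` is flagged even though only part of its balance came from the ransom; production tooling applies FIFO or proportional heuristics and address clustering on top of this walk. And the walk only tells you which addresses the funds reached; turning `exchange_deposit_2` into a person still depends on the receiving service keeping records and cooperating, which is exactly why the facilitators and non-compliant exchanges discussed later in the article matter.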
Dive Insight:
The growth of cryptocurrency in cybercrime has coincided with the rise in ransomware. Nation-state cyber activity has become more brazen and sophisticated, threatening government agencies, critical industries and even everyday businesses and organizations, which often have few resources to combat malicious cyber activity.
The barriers to entry for the modern threat actor are much lower, which widens the set of organizations at risk, according to Grigg, who retired from the FBI after a 23-year career before joining Chainalysis.
Data from Chainalysis shows that more than $1.7 billion in Dark Net cryptocurrency transactions were identified in 2020. North Americans sent more than $131 million in crypto to ransomware attackers between July 2020 and June of this year, according to the company.
"If an individual ransomware actor wants to conduct a campaign, you go back to the past, you had to be a sophisticated cyber actor and come up with your own code," Grigg said. "Now, you can go out on the Dark Web and buy and rent those services."
Some of the biggest ransomware attacks in the U.S. this year, including the Colonial Pipeline incident in May and the JBS USA meatpacking attack weeks later, involved multi-million-dollar extortion payments in cryptocurrency. Federal authorities were able to claw back $2.3 million of the $4.4 million ransom paid in the Colonial attack and, more recently, obtained a decryption key following the July ransomware attack against IT management software vendor Kaseya.
There is a need for greater public-private sharing of intelligence and data, and the entities that facilitate these transactions in emerging markets need stronger regulatory compliance and anti-money-laundering monitoring for suspicious transactions.
Earlier at the MIT conference a leading Secret Service official urged companies to cooperate with authorities on ransomware cases, because there is often information that could negate the need to pay a ransom or help authorities recover financial assets or data.
The Department of Justice last month announced a cyber task force, which includes a crypto enforcement team, that will help target illicit transactions on the Dark Web and go after entities that facilitate money laundering and other activities.
Authorities are beginning to focus on the facilitators of ransomware transactions, Grigg said, noting that the vast majority of these attacks are run by just a handful of entities.
The Treasury Department recently announced sanctions against Suex, a Russia-linked crypto exchange for which officials said more than 40% of its known transaction history was associated with illicit actors. Earlier this month authorities designated another virtual currency firm, Chatex, an affiliate of Suex, for allegedly facilitating ransomware payments.