Biden is combating ransomware with crackdown on cryptocurrency payments
Date: 2021-09-21
The Biden administration took action on Tuesday to crack down on the growing problem of ransomware attacks, expanding its use of sanctions to throttle digital payment systems that have allowed such criminal activity to flourish and endanger national security.
The Treasury Department said it was banning a virtual currency exchange called Suex, in the administration’s most apparent response to a crisis that disrupted US fuel and meat supplies this year, when foreign hackers hacked corporate computer systems and demanded a huge amount to set them free.
Illegal financial transactions underpinning ransomware attacks are taking place with digital currencies known as cryptocurrencies, which the US government is still determining how to regulate.
The Treasury Department said Suex facilitated transactions involving illegal proceeds from at least eight ransomware episodes. The department said more than 40 percent of the exchange’s transactions were linked to criminal actors.
“Ransomware and cyberattacks are preying on businesses large and small across the United States and are a direct threat to our economy,” Treasury Secretary Janet L. Yellen said in a statement.
The department offered few details about Suex, refusing to say where the company was based or what types of transactions it dealt with, though on Tuesday a Russian computer executive confirmed he was the founder.
While Treasury officials had said that some virtual currency exchanges are exploited by criminals, Suex was facilitating illegal activities for its own gain.
Cybersecurity experts see exchanges as a weak point for ransomware gangs that otherwise operate entirely in the ether of the Internet, untouchable by law enforcement. But exchanges are an interface with the real world, used to cash out cryptocurrencies, and they are public-facing companies that are vulnerable to financial sanctions.
Vasily Zhabkin, a graduate of a prestigious Russian university that trains diplomats, said by telephone on Tuesday that he had founded Suex to develop software for the financial industry. He denied any illegal activity and said it was possible the Treasury Department may have mistakenly targeted his company.
“I don’t understand how I got into this,” he said in a brief interview. Suex, which is registered in the Czech Republic, was mostly a failure and had only done half a dozen or so transactions since 2019, Mr Zhabkin said, adding that he had three employees.
Russia is believed to be home to some of the most sophisticated ransomware groups, where they seem to operate with impunity. Cybersecurity experts say other countries, such as Iran and North Korea, also host such groups.
Over the past decade, key technologies came together in one tool kit for the ransomware industry: malware to scramble victims’ computers, routers that anonymize communications, and digital currencies for payment.
One weak point, according to a study of ransomware published in 2019 in The Journal of Cybersecurity, is exchanges: businesses that convert digital currency into cash, where criminals hiding in the digital world eventually have to make an appearance in order to pay.
Several exchanges have appeared in Russia in recent years, often leasing office space in Moscow’s financial district with banks. This prompted Russia to try to ban digital currencies by enacting regulation this year to allow ownership.
The Treasury Department’s action comes three months after President Biden met with Russian President Vladimir V. Putin in Geneva to call for action against ransomware operators suspected of operating from Russian territory. Mr. Putin made no promises. Prior to the meeting, an attack had taken out the Colonial Pipeline, which provides most of the East Coast’s gasoline and jet fuel; another had entered JBS, a major US meat supplier.
The attacks seemed to subside for a few months, and DarkSide, a major ransomware operator, was shut down.
But late this summer, the attacks started escalating again. The deputy director of the FBI, Paul M. Abbate, who specializes in cybercrimes, said at a conference last week that “there is no indication that the Russian government has taken action to crack down on ransomware actors that are working in the permissible environment that they’ve made there.”
He said that some action had been taken in Russia against those facing prosecutions in the United States.
Intelligence officials report the same, and say they believe some Russian military and intelligence services use ransomware operators to hide actions that are done on behalf of the state, or at least with its approval.
An attack against another food supplier was underway on Monday, even as the Treasury Department was preparing for its action. New Cooperative, a grain cooperative in Iowa, said it was part of “critical infrastructure” and noted that BlackMatter, a relatively new ransomware group, had promised not to attack such groups. But in reactions visible in screenshots on Twitter, BlackMatter said it does not consider New Cooperative to be critical infrastructure. The two were in open dispute over the definition of the category.
“We do not see any significant areas of activity,” the ransomware group responded.
BlackMatter demanded just $6 million to decrypt the company’s files. Over time this figure decreased significantly.
The Treasury Department said that in 2020, ransomware payments topped $400 million, four times more than the previous year. It said the economic damage was far greater.
