U.S. officials announced in a press conference Monday afternoon the successful recovery of some of the funds paid in the recent Colonial Pipeline hack. Deputy Attorney General Lisa Monaco of the Department of Justice noted that the scope of the investigation involved “…going after an entire ecosystem that fuels ransomware and digital extortion attacks including criminal proceeds in the form of digital currency.” Monaco declared, “…we will continue to use all of our tools and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.” Paul Abbate, the deputy director of the FBI, said the bureau successfully seized the ransom funds from a bitcoin wallet that DarkSide used to collect Colonial Pipeline’s payment.
Colonial Pipeline temporarily shut down its operations on May 7 after Russian-based criminal hackers from the organization DarkSide broke into its computer system, stalling a company that provides almost half of the fuel to the East Coast of the U.S. While Colonial Pipeline ended up paying $4.4 million in digital currency, the amount that was recovered today was not revealed.
The United States Department of Justice had recently instructed the U.S. Attorney’s Offices across the country to coordinate cases involving ransomware, cyberattacks, and illicit marketplaces with a newly created ‘Ransomware and Digital Extortion Task Force’. According to Monaco, the Task Force was established to investigate disrupt, and prosecute ransomware and digital extortion activity. “This is the Task Force’s first operation of its kind,” said Monaco.
Deputy Attorney General Lisa Monaco of the U.S. Department of Justice announced on Monday during a … [+] news conference of the recovery of some of the Bitcoin that was paid in the ransomware attack on Colonial Pipeline.U.S. Department of Justice
Message To U.S. Corporations: Improve Your Computer Security Now
According to Monaco, these types of ransomware are more diverse, sophisticated, and dangerous to which no organization is immune. Monaco specifically addressed U.S. corporations in the press conference that the , “…threat of severe ransomware attacks pose a clear and present danger to your organization, to your company, to your customers, to your shareholders, and to your long-term success. Pay attention now. Invest resources now. Failure to do so could be the difference of being secure now and being a victim later.”
Peter Todd, an Applied Cryptography Consultant, spoke with me on the evening of Friday, June 4, during the Bitcoin 2021 Conference in Miami, regarding the impact of ransomware attacks on U.S. infrastructure. Todd pointed to the root cause of ransomware attacks as being the result of poorly developed computer security. “Nothing stops computer security from actually being done right. It’s not actually that hard. You know, every time we see ransomware, the root cause of this is someone cutting corners…” said Todd.
Todd believes the White House should focus on regulation for holding companies to a higher standards of computer security. As to any kind of regulation around Bitcoin he described as ‘…a bandaid’. Todd explained, “It would hide the real problem. China and Russia aren’t doing it because they want your money. China and Russia are doing it because they want to destroy the U.S.” Todd noted ransomware is involuntary, abusive, and unethical; however, considering our options, he feels it is something the U.S. would much rather deal with than the ‘real thing’.
Ransomware and Digital Currency Policy
The White House Principal Deputy Press Secretary Karine Jean-Pierre explained Biden set up a strategic task force as a result of the most recent JBS Foods ransomware hack, that included cryptocurrency policy as one of the items of consideration in battling that included policy for cryptocurrencies such as Bitcoin.
“Combating ransomware is a priority for the administration. President Biden has already launched a rapid strategic review to address the increased threat of ransomware to include four lines of effort: one, distribution of ransomware infrastructure and actors working closely with the private sector; two, building an international coalition to hold countries who harbor ransom actors accountable; three, expanding cryptocurrency analysis to find and pursue criminal transaction; and, four, reviewing the USG’s ransomware policies,” stated Jean-Pierre.
Biden’s Administration has already issued an Executive Order to improve the nation’s cybersecurity and ways U.S. agencies should respond to ransomware attacks. Just last week, FBI Director Chris Wray compared ransomware attacks on Colonial Pipeline and JBS Foods to events such as 9/11.
Blame The Criminals, Not Bitcoin
Michelle Bond, CEO of a trade association called the Association for Digital Asset Markets, noted, “Ransomware and the actors using it are the sole problem. Just like a car used in a getaway in a bank robbery, crypto is a vehicle criminals may choose to move funds. Ransomware would continue to persist in a world without crypto. Governments should focus on the root of the problem — international bad actors — and promote best practices in cyber security and blockchain analytics.”
Jesse Spiro, Chief Government Affairs at Chainalysis, a leading blockchain analysis company, stated, “There is no silver bullet solution to ransomware; we believe it is important to enact a mix of meaningful policies to deter, detect, and disrupt ransomware. This should include updating and strengthen cyber hygiene regulations and standards, improving information sharing between the public-private sectors, and increasing investigative resources.”
As discussed earlier, Spiro notes the dramatic increase in the issue of ransomware over the last few years. “There has been a drastic growth in the size of the average known ransomware payment. Back in 2017 with Wannacry, ransoms of about $300 were demanded. In 2021 so far, the average ransom payment was $54,000.” Spiro noted what the U.S. officials announced today with respect to DarkSide as a ‘ransomware-as-a-service’ provider. “The increased use of illicit third-parties that provide services including cyber infrastructure, hacking tools, and stolen data to ransomware operators are enabling them to target larger organizations and command higher ransoms,” said Spiro. Chainalysis works with Federal government partners in a variety of ways, providing products and services to support investigations, as well as regulatory oversight and supervision.
Ari Redbord, Head of Legal and Government Affairs at TRM Labs, a blockchain intelligence company, and also also a former Senior Advisor to the Deputy Secretary and Undersecretary to the United States Treasury, commented, “The open nature of the blockchain allows law enforcement to have visibility on financial flows in ways that were never possible in fiat. While crypto moves at the speed of the internet, making it attractive to illicit actors, the nature of the blockchain also allows for unprecedented opportunities for law enforcement to track the flow of funds.”