CREATE A PROBLEM MAKE MONEY: Ransomware funds more Ransomware

Usually not disclosed until after the fact: Hypothetical situation posed in an article by Elizabeth Lopattoon policy taken from The Verge

(Illustration by Alex Castro and Grayson Blackmon)

Ransom notes

Ransomware funds more ransomware, so how do we stop it?

By Elizabeth Lopatto@mslopatto Jun 24, 2021, 8:00am EDT

". . .Let’s begin with the obvious, uncontested fact: the number of ransomware attacks is going up because companies are paying the ransoms.

The number of ransomware attacks is going up because companies are paying the ransoms

The Colonial Pipeline hack is a case in point. The company spent $4.3 million to unlock its computers. Ransomware is just extortion, after all. As the DarkSide collective put it in their weirdly corporate apology for shutting down Colonial Pipeline, “Our goal is to make money.” Major cybercrime gang Evil Corp — great branding btw — reportedly likes sick Lambos. Stopping ransomware is simple in that way: all you have to do is cut off the cash.

The question is how, and none of the choices are very good.

You could require the immediate disclosure of ransoms. You could ban paying ransoms outright. You could ban cryptocurrency, which is how most ransoms are paid. You could increase regulation around cryptocurrency and perhaps ban certain kinds of exchanges or transactions. You could try being better friends with Vladimir Putin, in the hopes that he might sacrifice some threat actors. Your Department of Defense has also probably come up with some separate terrible ideas, which I am frightened even to contemplate.

Every choice here hurts, at least in the short term. But let’s go through them. . .

Immediate disclosure of ransom payments

Legislators have been trying to get ransom disclosures done already, without much success. That’s probably because the public disclosure of a hack damages a company’s reputation. So right now, we actually don’t know the true extent of the ransomware problem because a lot of companies keep hacks quiet. . .

Ban ransom payments

Right now, it is legal to pay ransom: it’s even tax-deductible, and the money often comes from a company’s cyber insurer. Banning ransoms in the US would cut off the cash supply for the criminals — probably getting them to change their focus to other countries. . .

Ban cryptocurrency

Cryptocurrency’s role in the ransomware ecosystem has led some to call for banning cryptocurrency altogether. Others have suggested regulating cryptocurrency mining as money transmitters to make it more difficult to process ransom transactions. “I think it’s time for a whole-of-government ‘regulate it to death’ strategy, based on existing regulation,” says Nicholas Weaver, a computer security specialist at the International Computer Science Institute in Berkeley, California, in an email. This would also be a painful route to take — not only would it blow up people’s cryptocurrency investments, but it would nuke entire companies based on cryptocurrency, such as Coinbase. . .

Stronger cryptocurrency regulation

At some point, criminals need to move out of cryptocurrency and back into traditional currency since that’s generally how one pays for Lamborghinis. Within the borders of the US, cryptocurrency is already regulated; reputable exchanges comply with know-your-customer laws aimed at preventing money laundering, for instance. . .

International diplomacy and coordination

You could combat ransomware through international cooperation — after all, many hackers’ names and locations are known. They’re just not extraditable. But because hackers don’t target certain Eastern Bloc countries, those countries do not view ransomware as a serious problem, says Adam Meyers, Crowdstrike’s senior vice president of intelligence. “These people are paying taxes,” Meyers says. “I think there’s people protecting them.” . .

Well?

So where does that leave you, the president? Nowhere good. But you’re going to have to put on your decision aviators because the hacks are increasing. Even cyber insurers can fall prey to ransomware. Cyber insurer CNA was hacked in March and paid a ransom of $40 million. The Asia division of cyber insurer Axa was hacked in May.

“We called 2020 the year of ransomware, and I’m wondering if I have to call 2021 the year of ransomware, too,” says Kim Grauer, director of research at Chainalysis. “We’re basically on track to surpass 2020.”

The trends she’s seen include asks for bigger ransoms and an increase in the average payments going to known ransomware wallets. And scarily, there’s more money being moved between ransomware strains and illicit service providers, says Grauer. Business is good, and the hackers are reinvesting.

 

 

HHH