The Biden administration plans a fresh campaign against ransomware attacks through sanctions to cut off criminals’ cryptocurrency pipelines, and it urged companies to report extortion attempts and better protect themselves from them.
Deputy Treasury Secretary Wally Adeyemo told reporters that the sanctions would be imposed on Suex, a cryptocurrency transferring service that’s registered in the Czech Republic. He said Suex had “facilitated transactions involving illicit proceeds for at least eight ransomware variants.”
He said “exchanges like Suex are critical to attackers’ ability to extract profits,” pointing out that this was the first such action by the Office of Foreign Assets Control against a virtual currency exchange.
Both Adeyemo and Deputy National Security Adviser Anne Neuberger, who also briefed reporters in a conference call on Monday evening, underscored the importance of ransomware victims coming forward and vulnerable businesses and organizations taking steps to bolster their security.
Adeyemo announced new Treasury Department guidance that makes “an express statement that the U.S. government strongly discourages the payment of cyber ransoms or extortion demands.”
Neuberger likened companies armoring themselves against cybercrime to motorists and homeowners buying insurance.
“It incentivizes us to drive more safely,” she said. “You get a number of moving violations, your insurance goes up. Get into accidents, it goes up. Similarly, when you look at our home insurance, in order to get home insurance you have to have a smoke detector or have an alarm system.”
“When we look at cybersecurity, what we’re grappling with is what seems to be the lack of incentives for companies to make the investment to modernize their defenses to meet this threat,” Neuberger said.
The actions amount to another foray by the administration after ransomware attacks earlier this year disabled the meat giant JBS SA, which eventually paid an $11 million ransom, paralyzed Colonial Pipeline Co.’s flow of gasoline on the U.S. East Coast and imperiled health care providers in the midst of the coronavirus pandemic.
Since its inception in 2018 as a venue for transferring digital currency and turning it into cash, Suex has moved hundreds of millions of dollars in illicit digital coins, including more than $160 million in Bitcoin alone, according to the cryptocurrency research firm, Chainalysis.
Suex’s addition to the Treasury Specially Designated Nationals and Blocked Persons List prohibits Americans from doing business with it.
Ransomware is a type of malware that encrypts a victim’s data. Cybercriminals often steal the data, too. The hackers then ask for a payment to unlock the files and promise not to leak the stolen data. In recent years, hackers have been targeting victims with cyber insurance policies and huge volumes of sensitive consumer data that make them more likely to pay a ransom, according to cybersecurity experts.
A task force established by the Institute for Security and Technology said cyberattacks became a $350 million criminal industry in 2020 — a 311% increase over 2019. The task force recommended 48 actions that the Biden administration and private sector could take to mitigate such attacks, including better regulation of the digital currency market used to make ransom payments.
The Biden administration has determined that ransomware is no longer limited to independent cartels seeking to simply make a profit from extortion. Instead, nation-states may be using the attacks as a tool to disrupt government or private operations.
For instance, in April the Treasury Department sanctioned Russian entities for helping to facilitate cyberattacks and tied a Russian intelligence agency to a ransomware group known as Evil Corp. Then in July, western intelligence accused the Chinese Ministry of State Security of conspiring with hackers to execute a series of malicious ransomware, data theft and cyber-espionage attacks against public and private entities, including the sprawling Microsoft Exchange hack earlier this year.