Ransomware Suppression: “International Cooperation and Obstruction of Payments Are Key”

Ransomware has evolved from a minor cybercrime into a crisis that threatens national security. Incidents such as the Colonial Pipeline attack have shown that ransomware crimes can affect the entire population, not just specific businesses that lack good security practices. Ransomware can disrupt people’s lives and prevent them from accessing basic services such as medical care.

The White House is looking for ways to contain ransomware. Since ransoms are usually paid in cryptocurrency, strengthening tracking is one way. However, tracking is not easy because Bitcoin exchanges are scattered around the world and only need to comply with loose regulations.

The United States is hoping for international cooperation to make cryptocurrency trading more transparent and dismantle criminal groups. Ransomware was on the agenda of the G7 summit in the UK, where political leaders urged all countries to quickly identify and dismantle ransomware criminal networks operating within their countries. Also at a follow-up meeting in Geneva, Switzerland, US President Joe Biden presented Russian President Vladimir Putin with a list of 16 critical infrastructures that ‘should not be attacked’.

Security researchers welcomed the move, saying it would slow the growth of ransomware to some extent, but said companies should continue to strengthen their security against ransomware threats.

International cooperation is essential for effective ransomware regulation

In late April, the Institute for Security and Technology’s Ransomware Task Force issued 48 recommendations and forwarded them to the White House. Dozens of experts from security firms, governments, law enforcement agencies, international organizations and private organizations contributed to the ransomware recommendations.

Jen Ellis, vice president of public relations at Rapid7, who was part of the Ransomware Task Force, said the recommendations were “very significant hardening measures” and are most effective when applied together. However, activities such as international cooperation have a higher priority than this.

Ellis said she expects the G7 countries to act as promised at the meeting. “Leaders around the world need to recognize that ransomware is not a trivial technical problem, but a serious social problem that needs to be dealt with first and foremost,” Ellis said. will appear,” he said.

Cryptocurrency ransom payments can be disrupted, but not banned

John Davis, co-chair of the Ransomware Task Force and vice president of Palo Alto Networks, said such international cooperation should include cryptocurrency exchanges, cryptocurrency kiosks and over-the-counter exchanges that must comply with existing laws.

CrowdStrike CTO Mike Sentonas said it would also work to force large operators to comply with the law. “The difficult thing about cryptocurrency exchanges is that they operate globally and are not obligated to comply with US regulations,” said Sentonas. “Agreeing on rules that make exchanges more just and legal is key. For the $20 million ransom payment, there aren’t that many exchanges that can actually monetize it, they’re easier to regulate, and they have to deal with ransomware ransom payments.”

During the Ransomware Task Force meeting, some experts came up with tougher ideas, such as banning all ransom payments or banning cryptocurrencies entirely. According to Ellis, the overall conclusion was that these regulations ‘do more harm than good’.

“If the ransom payment is banned, attackers will target the companies that are least likely to withstand the damage from an attack,” Ellis said. There is this. “It makes them much more vulnerable to exploitation by attackers.” Ellis added that banning cryptocurrency trading itself would also cause undue harm to those who use or trade cryptocurrency for good reasons.

Security expert Bruce Schneier agrees that banning cryptocurrencies is not the answer. “It’s conceptually simple, but it’s also impossible,” Schneier said. “An easier alternative is to simply disrupt the cryptocurrency market.”

According to Schneier, criminals in the cryptocurrency space have several options that could make it more difficult for law enforcement agencies to track money. For example, they can split the ransom into several smaller transactions, or convert Bitcoin to Monero, then Ethereum, and back to Bitcoin as they cross blockchains.

However, since there is not much that can be bought with Bitcoin, criminals have to convert cryptocurrencies to traditional currencies at some point. This requires an exchange connected to the banking system. Schneier said these exchanges usually try to figure out who their customers are, and they are likely to work with law enforcement. Anyone who wants to convert cryptocurrency to traditional currency has to carry out a lot of normal trading activity to avoid getting noticed.

Court records show that the FBI was able to track the electronic money in the Colonial Pipeline ransomware case. A special agent used the publicly available Bitcoin ledger to figure out how the criminals were transferring money from one wallet to another. At some point, 64 of the 75 Bitcoins paid by Colonial Pipeline ended up in one wallet, and the FBI obtained the wallet’s secret key. “The exploiters will never see this money,” said Stephanie Hinds, federal prosecutor for the Northern District of California.

Ellis said tracking cryptocurrency transactions is essential to contain ransomware. She also advised that the fight against cybercriminals requires a variety of measures, and the IT camp is better off with more ideas.

However, the proposed ideas must be thoroughly evaluated by experts in various fields. “The evil is in the details,” said Nicolas Christin, assistant professor of engineering and public policy at Carnegie Mellon.

Paying ransoms exacerbates ransomware problems, but is sometimes inevitable

“Sometimes, ransomware puts companies in a state of helplessness,” said Sandra Joyce, executive vice president of Mandiant Threat Intelligence. “If the ransomware victim is a hospital, when a patient is asked for a certain amount in cryptocurrency, you have to choose whether to treat or not to treat.”

Today, the question of whether to pay the ransom or not is not as clear-cut as in the past. “Criminals are increasing the risk,” said Raj Samani, chief scientist at McAfee. “There are a number of factors to consider when deciding whether to pay the ransom or not.”

The victim must carefully evaluate the situation and know who the attacker is. Sending money to a sanctioned entity can be challenging as it is against the law. “The problem is that often you don’t have a choice,” Christin said. “Because we don’t have the ability to fully recover with minimal downtime.”

Actions that seem appropriate in the short term can be counterproductive in the long run. CrowdStrike’s Sentonas said paying the ransom made matters worse. The number and cost of ransomware attacks have grown exponentially over the past year because threat actors continue to benefit from ransomware.

Blockchain research firm Chainalysis reported that companies paid out $412 million, a 341% increase over 2020. In addition, several insurance companies have raised claims against cyberattacks. At least half of insurance buyers are expected to pay 10% to 30% more, and some have to pay 50% more, according to data cited by the U.S. Audit Office.

The Ransomware Task Force recommended that companies disclose to the national government when they were attacked and their payment information. Companies should also conduct a thorough cost-benefit analysis and consider alternatives before making a decision.

DigitalMint co-founder and president Marc Grens advises that decisions should be made by key executives who can best understand the extent of the damage. DigitalMint is a cryptocurrency brokerage that helps customers buy bitcoins through physical kiosks and transaction windows. “Business has to work with the government,” Grens said. “Early and frequent contact with law enforcement agencies is essential to determine who the threat actors are. The more data, the better.”

“If you decide to pay the ransom, you should at least negotiate a lower price,” Grens advises. Ransomware offenders will usually be cooperative in negotiations. Sometimes payment alone is not enough to solve the problem. According to a Cybereason survey, 80% of victims who decided to pay the ransom experienced a follow-up attack. Nearly half of respondents said their data was partially compromised.

“The most effective and important thing is to invest more in security to outperform attackers,” Sentonas said. “The system needs to be replaced so that malicious behavior can be detected quickly.”

Ransomware regulation success or failure depends on Russia’s actions

Historically, the ransomware business has flourished as criminal groups use cryptocurrencies. In 2013, the disruptive CryptoLocker made huge profits by allowing victims to choose their preferred currency: US Dollars, Euros or Bitcoin. Criminals have made money before, and always will.

The new regulation has been able to persuade some groups in Eastern Europe to stop working. Criminal groups such as Avaddon have recently taken a break after releasing 2,934 decryption keys. But other groups will continue to commit crimes. “Criminals will evolve as we have seen in the past,” said McAfee’s Samani.

According to DigitalMint’s Grens, some groups can even increase disruptive activity to show what’s happening to countries and businesses without giving victims the option to pay.

“Ransomware is a diplomatic issue,” said Dmitry Smilyanets, a cyberthreat intelligence expert at Recorded Future. “The future of criminal groups depends on the decisions of world leaders.” “In the end, Russia will only be able to fight cybercrime if it has the political will to punish its own people,” Smilyanets added. It would be impossible to tackle the cybercrime problem without Russian law enforcement intervening.

Grens claimed that Russian President Vladimir Putin was “angry” at the recent ransomware attack on the United States, which he interpreted as a bad sign for cybercriminals based in Russia. But it is questionable whether Putin will extradite Russian criminals abroad, Smilyanets said, adding that Russia’s constitution states that it will not extradite its citizens abroad.

Smilyanets argued that the US and Russian governments were likely to cooperate with each other. RIA Novosti news agency reported that Alexander Bortnikov, head of the Russian FSB, said during the “Moscow International Security Conference” on June 23 that Russia would cooperate with the United States in tracking down cybercriminals. Bortnikov added that Russia would implement the measures discussed by the two presidents in a reciprocal manner. “In this case, the ransomware criminal group will soon be confronted with Russia’s ruthless federal security agency,” Smilyanets added.

Source: ITWorld Korea by www.itworld.co.kr.
