With ransomware attacks against US interests and infrastructure escalating over the past two years, the White House has increased its efforts to disrupt ransomware operations.
According to reporting by the Wall Street Journal, the US is expected next week to sanction crypto exchanges, wallets, and individuals who aid ransomware gangs convert cryptocurrency.
As cryptocurrency is a required component of ransomware operations, the Biden administration hopes to disrupt this payment method and associated attacks with sanctions.
When ransomware gangs attack organizations, they demand millions of dollars in cryptocurrency to receive a decryptor and prevent the release of stolen data.
Almost all ransomware operations demand either Bitcoin or Monero for ransom payments.
- U.s. presses crypto exchanges to block ransomware profits
- Crypto Security Connections: Bitcoin Tied to Ransomware
- Why crypto exchanges are a danger to the US
- How does Heimdal Security keep you safe from Ransomware?
- Preventing a Ransomware Attack So You Don’t Have to Pay Up
- Differences between CryptoWall 3.0 and previous versions
- Similar Posts:
U.s. presses crypto exchanges to block ransomware profits
If passed, the bill will require victims to disclose ransomware payments within a 48-hour period. This would allow the U.S. government to use that data to counter the growing ransomware threat.
Crypto Security Connections: Bitcoin Tied to Ransomware
government does have an idea about the types of profits that ransomware gangs are making in the meantime. (Ransomware gangs often ask for payment in cryptocurrency, so a ransomware problem can also be a crypto-security problem.) The Financial Crimes Enforcement Network of the Treasury Department, created to combat money laundering and to counter funding terrorism, analyzed 177 virtual currency addresses used for ransomware payments in H1 2021. In doing so, it uncovered $5.2 billion worth of bitcoin transactions tied to ransomware.
Many of those ransomware transactions are tied back to REvil/Sodinokibi.
TheUS Treasury Departmentis targeting crypto exchanges in an effort to combat money laundering and cyber attacks.
Why crypto exchanges are a danger to the US
The US Treasurymemostates that in the fight againstransomwareattacks, cryptoexchanges are a critical element. This is becausecryptocurrencies are the preferred means for cybercriminalsto make ransom payments from ransomware attacks.
Although the government acknowledges thatvirtual currency activities are legitimate, there are instances where cryptocurrencies are used for illicit activities by malicious actors.
It is the responsibility of exchanges to enforce AML and KYC regulations toprevent malicious actors from using their platforms to undermine US security.
Tuesday’s sanctions will block all trades involving the cryptocurrency exchange Suex and US entities. According to the Treasury Department, around 40 percent of all Suex transactions involve illegal activities.
The department’s Office of Foreign Assets Control (OFAC) is also issuing a new advisory warning that it may issue new sanctions against cryptocurrency exchanges, cyber insurance companies, and other financial institutions that facilitate ransomware payments.
“Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy,” Treasury Secretary Janet Yellen said in a statement on Tuesday.
spreading method for
In case your system is infected with CryptoWall, you will not be able to access the backup.
How does Heimdal Security keep you safe from Ransomware?
We, here at Heimdal Security, have developed an impressive suite of cybersecurity solutions to help you cover most of the possible ransomware attack vectors.
Just between July 2020 and June 2021, ransomware activity soared by a whopping 1,070%, according to a recent Fortinet (NASDAQ:FTNT) report, with other researchers confirming the proliferation of this mode of extortion. Mimicking the prevalent business model of the legitimate tech world, ransomware-as-a-service portals popped up in the darker corners of the web, institutionalizing the shadow industry and slashing the skill ceiling for wannabe-criminals.
The trend should be ringing a warning bell through the crypto ecosystem, particularly since ransomware attackers do have a knack for payments in crypto.
That said, the industry that was once a Wild Wild West is now assuming a more orderly setting.
Today, the Department of Treasury, alongside the Department of Justice, announced new sanctions on a cryptocurrency exchange linked to ransomware payouts.
The Treasury’s Office of Foreign Asset Control (OFAC) has added Chatex, alongside affiliated entities IZIBITS OU, Chatextech SIA and Hightrade Finance Ltd to its sanctions list. Chatex is a crypto exchange that the Treasury found to have facilitated ransomware payouts:
“Chatex, which claims to have a presence in multiple countries, has facilitated transactions for multiple ransomware variants.
Analysis of Chatex’s known transactions indicate that over half are directly traced to illicit or high-risk activities such as darknet markets, high-risk exchanges, and ransomware.
Government Efforts to Disrupt Ransomware Payments
This was the first time OFAC and the FBI leveled crypto security sanctions against a virtual currency exchange.
“Some virtual currency exchanges are exploited by malicious actors, but others, as is the case with SUEX, facilitate illicit activities for their own illicit gains,” OFAC noted.
As part of the same effort, OFAC updated an advisory discussing its designation of malicious digital attackers under a crypto-security sanctions program.
The version emphasized the ability of the U.S. Treasury Department to impose civil penalties for sanctions violations based on strict liability.
So, a person could receive a punishment even if they didn’t know they had broken the law.
In addition, Senator Elizabeth Warren, D-Mass., introduced the Ransom Disclosure Act on Oct. 5 with Rep. Deborah Ross, D-N.C.
This group accounted for 73% of ransomware detections in the second quarter of 2021, per McAfee, and it made a name for itself by demanding tens of millions of dollars in ransom from victims like Kaseya.
It’s not clear if REvil will continue these attacks, however. An unknown person hijacked the ransomware gang’s Tor payment portal and data leak blog.
Bleeping Computer reported, “the operation in its current form will likely be gone for good.”
Preventing a Ransomware Attack So You Don’t Have to Pay Up
Security teams can help to improve crypto-security and prevent a ransomware attack by putting zero trust into action. This can help block connection attempts from suspicious devices and compromised user accounts.
Differences between CryptoWall 3.0 and previous versions
Security analyst, Kafeine, presented in a blog post that one of the main differences between the CryptoWall 3.0 version and the previous ones is that communication with the C&C servers uses the RC4 encryption algorithm and it employs not just the TOR network, but also the I2P anonymity network, both of them being used mainly to conceal the identity of the user. Or cyber-criminals in our case.
The G7 Cyber Expert Group (CEG), co-chaired by the Treasury and the Bank of England, met in recent days and agreed that ransomware remains a serious threat and concern.
For their part, as early as 2019 the US through the Financial Action Task Force (FATF) asked other countries to oversee virtual asset providers, including crypto exchanges, tocounter the risks associated with illicit transactions.
All have been asked toimplement oversight activitiesand require exchanges to have AML standards. The US intends to continue to do so and discourage the use of exchanges for illicit activities.