Since ransomware attacks have been a continuous threat to US infrastructure over the last two years, the Biden administration is said to be expected this week to put in place ransomware crypto exchanges sanctions. These will apply to wallets, crypto exchanges, and people who use to help cybercriminal groups into the process of cryptocurrency conversion. These aim at disrupting these kinds of payments associated with ransomware operations.
Cryptocurrency: the Payment Method for Ransomware Threat Actors
Ransomware operations cannot be successful without cryptocurrency, as this way hackers receive the money they ask for. In the usual process, threat actors target an organization and encrypt vital data through ransomware, then the next step is to demand a ransom from the affected enterprise in order to give it the decryption key. This way theoretically the organization will receive its vital data back and stop data leakage.
Hackers request this money in crypto coins that eventually will be exchanged into fiat money, for instance, local currency or US dollars. The most popular crypto for ransomware operations are Bitcoin and Monero, but usually, payments are received by hackers in Bitcoin, as Monero is a private coin.
How does the process function? Well, firstly mixers are used for the transfer of cryptocurrency. This way the risk of tracing the coins is minimized. Then they are converted through crypto exchanges.
Ransomware crypto exchanges sanctions would be basically mitigation measures intended to put in difficulty ransomware operations and eventually stop them from functioning.
Ari Redbord, a former senior Treasury security official, declared in a statement to Wall Street Journal:
An action of this kind would be an aggressive, proactive approach to going after those who facilitate ransomware payments.
These kinds of sanctions however are not the first ones the US uses to address ransomware malicious actions. According to BleepingComputer, in 2019 members of Evil Corp, the group that stole more than $100 million, were charged by the US and also put on the OFAC sanction list. Among the ransomware families related to the mentioned group, we can enumerate PayLoadBin, Hades, WastedLocker, and Phoenix CryptoLocker.
The Biden administration is preparing an array of actions, including sanctions, to make it harder for hackers to use digital currency to profit from ransomware attacks, according to people familiar with the matter. The government hopes to choke off access to a form of payment that has supported a booming criminal industry and a rising national security threat.