US Treasury warns crypto firms not to reimburse unknown ransomware victims

Published at: Oct. 1, 2020

Two offices of the United States Department of the Treasury have issued advisories on ransomware payouts, which they say pose a threat to national security. The Financial Crimes Enforcement Network, or FinCEN, reminded cryptocurrency processing companies of their duty to file suspicious activity reports when they have a reason to suspect that their services are being engaged for such payouts to sanctioned individuals:

“Among these entities are digital forensics and incident response (DFIR) companies and cyber insurance companies (CICs). Some DFIR companies and CICs, as well as some MSBs that offer CVCs [convertible virtual currency], facilitate ransomware payments to cybercriminals, often by directly receiving customers’ fiat funds, exchanging them for CVC, and then transferring the CVC to criminal-controlled accounts.”

The announcements also note that while Bitcoin (BTC) remains the favorite currency of cybercriminals, there is a trend toward greater use of privacy coins. Apparently, some criminals have even offered a discount to those who chose the latter.

Recently, the Internal Revenue Service awarded two $625,000 contracts to Chainalysis and Integra FEC to develop tools that would help track the most elusive privacy coin, Monero (XMR).

The Treasury Office of Foreign Assets Control's, OFAC, statement emphasizes that some of the biggest ransomware attacks of the recent past were perpetrated by foreign actors. It stressed that the funds received as a result of such activity could be used to the detriment of U.S. national security. OFAC also restated that in addition to having a list of sanctioned individuals with whom U.S. persons are prohibited from transacting, there are certain countries and regions that are on the list as well. Financial service providers who choose to ignore those restrictions may be penalized.

Many cybersecurity experts have been saying for years that the only way to put an end to malware attacks is to stop paying the ransom. A threat analyst at malware lab Emisoft, Brett Callow, told Cointelegraph:

“Critically, ransoms must stop being paid. Attacks like this happen for one reason and one reason only: because some companies pay the criminals. If nobody paid the criminals, there’d be no more ransomware. It’s that simple.”

Yet, it appears to be the first serious attempt by the U.S. government to crack down on these payouts and  those who facilitate them.

Tags
Related Posts
Biden to discuss crypto’s role in ransomware attacks at G-7, says national security adviser
United States President Joe Biden will speak directly about cryptocurrency and its role in the attack on the Colonial Pipeline and other ransomware breaches, according to Biden’s national security adviser, Jake Sullivan. In a White House press briefing on Monday, Sullivan said U.S. officials, seemingly including Biden, would like to see an action plan regarding ransomware attacks during the president’s visit to the G-7 summit this weekend. The national security adviser said this plan should address the resilience of such attacks, how to share information with other democracies and “how to deal with the cryptocurrency challenge.” Sullivan said crypto “lies …
Regulation / June 7, 2021
The IRS offers a $625,000 bounty to anyone who can break Monero and Lightning
The United States Internal Revenue Service has offered a bounty of up to $625,000 to anyone who can break purportedly untraceable privacy coins such as Monero (XMR) as well as trace transactions on Bitcoin’s (BTC) Lightning Network. The official proposal, published last week, says the IRS will accept submissions in the form of working prototypes until Sept. 16. If accepted, applicants will receive an initial payment of $500,000. This grant will allow applicants to develop their prototype into a working concept over the next eight months. Once the pilot test is completed and approved by the government, a further $125,000 …
Technology / Sept. 11, 2020
US charges operators of Russian troll farm with fraud over crypto accounts
The U.S. filed criminal charges against Russian national Artem Lifshits for his management of an affiliate of the infamous Internet Research Agency, which U.S. authorities accuse of interfering in the 2016 election. The new complaint alleges that Lifshits has managed the translator department of Project Lakhta since 2017, in which capacity he illegally obtained U.S. identification documents in order to use "the means of identification of United States persons to open bank accounts, PayPal accounts, and cryptocurrency accounts." The charge is conspiracy to commit wire fraud. The U.S. Department of Justice says these accounts were a means for Lifshits and …
Regulation / Sept. 10, 2020
Celebrities May Have Their Dirty Secrets Exposed if Crypto Ransom Is Unpaid
The REvil ransomware gang says that they will auction over 1TB of data stolen from New York-based entertainment law firm, Grubman Shire Meiselas & Sacks. This data allegedly contains the “dirty” secrets of a number of celebrities. REvil claims that the contents involve sex scandals, drugs, and treachery. Nicki Minaj, LeBron James, and Mariah Carey among the alleged victims In a blog post, the ransomware group says they will begin the auction on July 1, noting that the first round will contain information from Nicki Minaj, Mariah Carey, and LeBron James. The price for each dataset is $600,000. Two days …
Technology / June 24, 2020
Law Decoded: Competing narratives around crypto clash on the Earth Day, April 19-26
Regulation by enforcement, a fast and economical substitute for thorough rulemaking, is widely regarded as some of the U.S. executive agencies’ preeminent approach to crypto regulation. It could be summed up as letting crypto firms explore the boundaries of what is permissible by themselves and then punishing industry participants in case their exploratory actions come to look like a transgression. Others will take heed and learn from the explorer’s negative experience. While it is the United States Securities and Exchange Commission that gets accused of over-reliance on regulation by enforcement most frequently, other federal agencies do that as well. Last …
Regulation / April 25, 2022