Chainalysis exec touts blockchain analysis to Senate homeland security committee

Published at: June 7, 2022

The collection and processing of information was a major theme at the United States Senate Committee on Homeland Security and Governmental Affairs (HSGAC) hearing titled, “Rising Threats: Ransomware Attacks and Ransom Payments Enabled by Cryptocurrency” on Tuesday. The committee hosted a panel of private-sector experts who discussed the problem of ransomware attacks and the challenges of collecting and using the information necessary to fight them. 

Committee chair Gary Peters of Michigan, who introduced the Strengthening American Cybersecurity Act in February, said the government lacks sufficient data even to understand the scope of the threat posed by ransomware attacks. Attackers almost exclusively ask for payment in cryptocurrency, he added.

Several figures were trotted out to quantify the problem. Chainalysis head of cyber threat intelligence Jackie Burns Koven said the company had identified a record $712 million paid to attackers in 2021, with 74% of the money going to threat actors in Russia or with links to Russia. The average payment was $121,000, and the median payment was $6,000. Attackers often use a Ransomware-as-a-Service business model.

Ransomware is a form of extortion, and it existed before cryptocurrency, Institute for Security and Technology chief strategy officer Megan Stifel and Coveware CEO Bill Siegel said. Knowing what information to collect when an attack occurs and how to organize the information is a major challenge for law enforcement, Siegel added.

Information collection often is “a convoluted mess at the worst possible moment,” committee member James Lankford of Oklahoma said. Multiple agencies demand overlapping but not identical data from victims in the aftermath of an attack, and prosecution of the case could then take years. Those factors, along with concerns that the attackers will not release an encryption key if law enforcement becomes involved, explain much of the hesitancy of victims to report attacks.

Stifel suggested that designating a single agency to receive and triage data after an attack would improve information collection, especially if businesses established a relationship with that agency prior to the attack.

Koven said blockchain analysis can provide “immediate insight into the network of wallet addresses and services (e.g., exchanges, mixers, etc.) that facilitate the illicit actor,” in contrast to the lengthy processes of traditional financial investigation.

U.S. government sanctions imposed on ransomware actors and their facilitators are highly effective, Koven continued. She pointed to sanctions against Russia-based cryptocurrency exchange Garantex and trader Suex as examples. Money flows “drop to almost zero” after sanctions, she said. In addition, blockchain analysis can track the rebranding of attackers, and Chainalysis has developed technology to track funds through cryptocurrency mixers.
