Democratic Lawmakers Urge Agencies to Act on Ransomware
Letter to 4 Departments Asserts that Cryptocurrency Is Enabling These Attacks
A congressional letter sent to the heads of four federal agencies on Friday expressed an urgent need for the Biden administration to continue combating ransomware. This includes a particular focus on the cryptocurrency infrastructure that is enabling these cyberattacks, four Democratic lawmakers say.
The letter, written by Sens. Ed Markey, D-Mass., and Sheldon Whitehouse, D-R.I., and Reps. Jim Langevin, D-R.I., and Ted Lieu, D-Calif., addresses the leaders of the departments of State, Homeland Security, Justice and Treasury - Antony Blinken, Alejandro Mayorkas, Merrick Garland and Janet Yellen, respectively - noting: "We urge [the departments] to pursue all options available to protect American communities and infrastructure from the growing threat of ransomware."
In the letter, the lawmakers push for "stronger coordination" between departments to address the role of cryptocurrency in facilitating the attacks. There has been a wave of high-profile attacks in 2021, including those hitting Colonial Pipeline and temporarily halting the East Coast's fuel supply; meat producer JBS USA; and managed service provider Kaseya, which affected some 1,500 downstream organizations.
The four departments did not immediately respond to Information Security Media Group's request for comment.
A 'Difficult, Dangerous, and Expensive Problem'
In their letter, the lawmakers call ransomware an "increasingly difficult, dangerous, and expensive problem for government, private corporations, and small businesses." They point to 2020 figures from the FBI's Internet Crime Complaint Center, or IC3, which received nearly 2,500 ransomware reports with related losses amounting to $29.1 million. There was a 20% increase in reported incidents, and a 225% increase in ransom amounts demanded by hackers since 2019, the lawmakers say. Worse still, they add, some 70% to 75% of ransomware attacks remain unreported.
Markey, Whitehouse, Langevin and Lieu say this surge "threatens national security," as attackers can disrupt critical infrastructure and siphon sensitive data.
The Role of Cryptocurrency
The lawmakers say cryptocurrency has "facilitated this explosive growth" by "offering easy, fast and difficult-to-trace methods for laundering illicit gains." They call for increased enforcement of existing money laundering and financial crimes statutes to deter ransomware attacks and aid in the recovery of crypto ransoms.
This work, they say, will rely on international partnerships: "Many ransomware attacks originate in jurisdictions outside the reach of U.S. domestic law enforcement, requiring U.S. agencies to work with foreign partners and cryptocurrency exchanges in order to seize ransomware payments or other related assets."
The attackers, the lawmakers continue, reside largely within Russia, China and North Korea, which "are countries that have actively or tacitly supported ransomware attacks against the U.S. and interfered with U.S. efforts to expatriate cryptocurrency ransoms."
Commenting on Friday's letter, William Callahan, a former special agent in charge for the Drug Enforcement Administration, tells ISMG, "Federal law enforcement agencies have been investigating the use of cryptocurrency for illicit purposes since the early days of the Silk Road investigation, almost 10 years ago. The proliferation of cryptocurrency has not only facilitated an explosive growth in ransomware attacks, but has grown as a payment method for other [activities on the] dark web."
'Recognize the Urgency'
The lawmakers praise recent White House efforts "to recognize the urgency" of the ransomware threat - citing the Department of Justice's effort to recover over $2.7 million in cryptocurrency following the Colonial Pipeline attack. They also praise the Treasury Department's sanction against Suex, a Russia-based cryptocurrency exchange that has allegedly aided ransomware actors.
Last week, the Department of Justice also announced it will create a National Cryptocurrency Enforcement Team, or NCET, to trace and help recover assets lost to fraud and extortion - including crypto payments to ransomware groups.
"We believe that expanding efforts to seize cryptocurrency ransoms and increasing the costs associated with facilitating ransom payments can certainly help deter ransomware attacks by decreasing their profitability and changing threat actors' incentives," the lawmakers note.
And Callahan, currently the director of government and strategic affairs for the firm Blockchain Intelligence Group, adds, "The illicit use of cryptocurrency requires not only a whole-of-government approach, but an all-governments approach, just like we did with drug trafficking to combat transnational criminal drug trafficking organizations."
Callahan believes these efforts will require additional funding from Congress.
Neil Jones, a cybersecurity evangelist for the firm Egnyte, tells ISMG that "with the escalating volume of ransomware attacks and ballooning ransom payments, it's clear that current approaches to addressing ransomware just aren't working."
Jones praises recent congressional efforts to introduce reporting legislation that would provide a mechanism for the U.S. government to assess and utilize critical cyberattack data. This, among other measures, he says, may also help turn the tide.
Tyler Farrar, a former cryptologic warfare officer for the U.S. Navy and currently CISO of the security firm Exabeam, also says disrupting these crypto-locking attacks and protecting critical infrastructure will require "reporting risks and attacks in real time." It's a course Congress has begun to pursue in recent weeks.
The Oct. 8 letter requests that the four department heads address the following by Oct. 29:
- Ways the U.S. has worked with regional and international partners to attribute ransomware attacks, pursue bad actors and develop crypto norms and best practices;
- How U.S. agencies have located and repatriated crypto assets, and methods within nations that have not signed a Mutual Legal Assistance Treaty;
- Details on attempts made to seize crypto assets from ransomware gangs over the past five years;
- Whether agencies have considered sharing data with insurers to facilitate action against crypto exchanges or cybercriminals;
- Whether the DOJ needs specific authority to direct forfeiture funds into endpoint security and other cyber defenses or to assist victims;
- How crypto exchanges are treated when they do not adhere to "know your customer" or anti-money laundering or counterterrorism financing practices;
- What resources the agencies need from Congress to improve international cooperation or seize stolen funds.