The Double-Edged Sword of Crypto in RansomwareHackers Treasure Crypto's Anonymity, Cybercrime Defenders its Traceability
Ransomware actors traffic "almost exclusively" in virtual assets, said Brian E. Nelson, undersecretary for terrorism and financial intelligence at the U.S. Department of the Treasury.
Although cryptocurrency is integral in facilitating ransomware activity, it can also be used as a means to attack the problem, said Marshall Miller, principal associate deputy attorney general at the U.S. Department of Justice. One thing about the blockchain: Everybody is visible on it (see: Norwegian Authorities Seize $5.86 Million From Lazarus Group).
Seizing back stolen assets and using them to reimburse victims in order to encourage crime reporting is how law enforcement can "start to make a real difference in attacking ransomware," Miller said.
Getting the right balance when it comes to protecting the privacy of legitimate users and tracking bad actors is tough. Cryptocurrency mixers, for instance, are meant to protect the privacy of users who want to transact anonymously. But threat actors, particularly those from North Korea, use them to obfuscate the origin and destination of funds, while reducing law enforcement visibility into their flow, Nelson said. The Kim Jong Un regime has used these services to launder billions of dollars to fund its weapons of mass destruction program (see: Banner Year for North Korean Cryptocurrency Hacking).
The key is for private and public sectors to work together to determine how to incorporate virtual currencies into the payments system in a way that doesn't benefit bad actors, Nelson said.
Miller added that law enforcement typically goes after the "worst of the worst," targeting cryptomixers and exchanges that market themselves as facilitators of cybercrime. Ensuring that we have a clear regulatory system and the tools that we need from a legislative standpoint are key for law enforcement to target bad actors, while allowing legitimate users to maintain anonymity, he said.