Two offices of the U.S. Department of the Treasury have issued advisories on ransomware payouts, which they say pose a threat to national security. The Financial Crimes Enforcement Network or FinCen reminded cryptocurrency processing companies of their duty to file suspicious activity reports when they have a reason to suspect that their services are being engaged for such payouts to sanctioned individuals:
“Among these entities are digital forensics and incident response (DFIR) companies and cyber insurance companies (CICs). Some DFIR companies and CICs, as well as some MSBs that offer CVCs [convertible virtual currency], facilitate ransomware payments to cybercriminals, often by directly receiving customers’ fiat funds, exchanging them for CVC, and then transferring the CVC to criminal-controlled accounts.”
The announcements also note that while Bitcoin (BTC) remains the favorite currency of the cybercriminals, there is a trend toward greater use of privacy coins. Apparently, some criminals have even offered a discount to those who chose the latter.
Recently, the IRS awarded two $625,000 contracts to Chainalysis and Integra FEC to develop tools that would help track the most elusive privacy coin, Monero (XMR).
The Treasury Office of Foreign Assets Control’s (OFAC) statement emphasizes that some of the biggest ransomware attacks of the recent past were perpetrated by foreign actors. It stressed that the funds received as a result of such activity could be used to the detriment of U.S. national security. OFAC also restated that in addition to having a list of sanctioned individuals with whom U.S. persons are prohibited from transacting, there are certain countries and regions that are on the list as well. Financial service providers who choose to ignore those restrictions may be penalized.
Many cybersecurity experts have been saying for years that the only way to put an end to malware attacks is to stop paying the ransom. A threat analyst at malware lab Emisoft, Brett Callow told Cointelegraph:
“Critically, ransoms must stop being paid. Attacks like this happen for one reason and one reason only: because some companies pay the criminals. If nobody paid the criminals, there’d be no more ransomware. It’s that simple.”
Yet, it appears to be the first serious attempt by the U.S. government to crack down on these payouts and on those who facilitate them.