How Cryptocurrencies Could be Fueling Ransomware Attacks

Key Takeaways

  • Cryptocurrencies allow criminals to move large sums of money across borders in seconds in a pseudonymous way

  • There is a correlation between the rise of cryptocurrencies and the frequency of ransomware attacks  

  • Anti-money laundering controls have made it possible for law enforcement to track some ransomware payments, but this takes a lot of time and resources

Cryptocurrency as a preferred payment method for criminals

Large-scale criminals have long faced the same problem: how to transport and hide huge sums of illegally obtained money without getting caught?

In the past few years, ransomware hackers have found a near perfect solution — cryptocurrencies like Bitcoin. It's fast. It's easy. Best of all, it's largely anonymous and hard to trace.

A recent example of a major cryptocurrency ransom is the world’s largest meat processor, JBS. Last month, JBS announced that it paid $11 million in Bitcoin to cybercriminals. The criminals’ attack knocked out meat plants that process nearly one fifth of the country’s meat supply. “It was very painful to pay the criminals, but we did the right thing for our customers,” said Andre Nogueira, chief executive of JBS’s U.S. division. The FBI has blamed the JBS attack on a Russian criminal gang.

Offshore hackers can now move millions of dollars' worth of cryptocurrency across national borders in seconds. “There’s a direct correlation,” says Kevin Mandia, CEO of cybersecurity firm FireEye. “When you look at the rise of ransomware, it absolutely aligns with the rise of anonymous digital currencies.”

“It’s no question it’s an enabler that you can break in anonymously and be paid anonymously, and now you can commit crime from 10,000 miles away in a safe harbor,” Mandia added.

Is Bitcoin really anonymous?


Ironically, cryptocurrency transactions are recorded on what are called "public ledgers." This means anybody can observe the transactions online. You can see exactly how the money moves from one address, and one wallet, to another. However, the ledger itself does not tie a person to these wallets. And a lot of people don’t have just one address or wallet, but dozens or hundreds.

The parties in a transaction are not named; each is disguised with a random number. This means that Bitcoin is not really anonymous; it is pseudonymous. Hackers can keep moving the currency from one anonymous account to another. That makes it very difficult, though not impossible, to trace.

Privacy coins like Zcash and Monero may get a bad rap for enabling criminal activity, but they are not as prevalent as people think. In fact they represent only 1% of all ransom paid. According to Liat Shetret, senior advisor for crypto policy and regulation for Elliptic, a blockchain analytics company, privacy coins do not spur ransomware. She explains, “privacy coins are not the crypto asset of choice for ransomware because Bitcoin is easier to obtain. With privacy coins, the cash-out options are more limited, and that minimizes the hackers’ ability to mobilize their money.”

A case for crypto traceability

Not everyone agrees that cryptocurrencies are fueling cyberattacks. Katie Haun, a partner at venture capital firm Andreessen Horowitz who invests in crypto start-ups, says that it’s a “myth that bitcoin is good for criminal activity.”

It is true that investigators and prosecutors are solving cases where cryptocurrency was used by criminals. Consider the case of Colonial Pipeline, which was hacked last month, leading to the shutdown of gasoline supplies in the eastern U.S. for the better part of a week. The Justice Department said this week that the FBI recovered more than half the $4.4 million in ransom that Colonial paid to the hackers, who are known as DarkSide and believed to be based in Russia.

It can be argued that crypto is an improvement when compared to existing financial systems in terms of traceability. “People often say, ‘How can that possibly be? Isn’t crypto anonymous?’ The fact is, when crypto is used for illicit activity it leaves ... digital bread crumbs, and I can tell you that, firsthand, I used blockchain technology to actually solve crimes,” says Haun, who is also a former federal prosecutor.

How Bitcoin is traced

Law enforcement can track down bad actors by analyzing their end-to-end transactions across currencies and crypto exchanges. This is not an easy task and it only works when crypto exchanges have KYC/AML (Know Your Customer/Anti-Money Laundering) controls for all of the digital assets that they list. With transparency into the digital asset on the blockchain, you can immediately identify where the money came from and where it is going.
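The following Python sketch is an added illustration, not part of the original article: it follows a ransom payment forward through a public ledger and reports how much of it reaches an address attributed to a KYC-regulated exchange, where an identity can be requested, and how much ends up where the trail goes cold. The ledger, address names and attribution list are constructed, transfers are modeled as simple address-to-address moves rather than Bitcoin's real transaction format, and the proportional ("haircut") taint rule is an assumption chosen for the example.

```python
from collections import defaultdict

# Constructed ledger: (sender, receiver, amount in BTC), oldest first.
LEDGER = [
    ("victim", "ransom_wallet", 75.0),
    ("ransom_wallet", "hop_a", 50.0),
    ("ransom_wallet", "hop_b", 25.0),
    ("unrelated_user", "hop_a", 50.0),      # clean funds mixed into hop_a
    ("hop_a", "exchange_x_deposit", 60.0),
    ("hop_a", "hop_c", 40.0),
    ("hop_b", "offshore_deposit", 25.0),    # service with no KYC records
    ("hop_c", "exchange_x_deposit", 40.0),
]

# Hypothetical attribution data: deposit addresses tied to KYC exchanges.
KYC_EXCHANGES = {"exchange_x_deposit": "Exchange X"}


def trace(ledger, ransom_address, kyc_exchanges):
    """Return (tainted BTC per KYC exchange, tainted BTC resting elsewhere)."""
    balance = defaultdict(float)   # total funds seen at each address
    taint = defaultdict(float)     # portion of that balance derived from ransom
    at_exchange = defaultdict(float)
    for sender, receiver, amount in ledger:
        # Funds a sender held before the ledger window count as clean.
        if balance[sender] < amount:
            balance[sender] = amount
        # Haircut rule: an outgoing payment carries the sender's taint ratio.
        moved = amount * taint[sender] / balance[sender]
        balance[sender] -= amount
        taint[sender] -= moved
        if receiver == ransom_address:
            moved = amount         # every payment into the ransom address is ransom
        balance[receiver] += amount
        taint[receiver] += moved
        if receiver in kyc_exchanges:
            at_exchange[kyc_exchanges[receiver]] += moved
    cold = {addr: t for addr, t in taint.items()
            if t > 1e-9 and addr not in kyc_exchanges}
    return dict(at_exchange), cold


if __name__ == "__main__":
    exchanges, cold = trace(LEDGER, "ransom_wallet", KYC_EXCHANGES)
    print("Reached KYC exchanges:", exchanges)
    print("Trail goes cold at:", cold)
```
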

In the U.S., crypto exchanges are required to have the same types of KYC/AML controls as banks. In 2019 the Treasury Department, the Securities and Exchange Commission and the Commodity Futures Trading Commission defined crypto exchanges as money service businesses, therefore making them subject to federal anti-money laundering and know-your-customer rules.

Further regulation could lead to a concentration of illegal crypto-related activity in unregulated and under-regulated jurisdictions, such as exchanges that are based in countries outside the U.S. that are not overseen by these regulators. Overly aggressive regulation could simply push more activity onto these non-U.S./non-EU services.

The FBI discourages ransom payments, and some companies do refuse to pay. But the decision is up to the company or institution that has been hit, and many feel it's better to pay and resume operations rather than risk a protracted shutdown.

Even with KYC/AML controls in place it takes a great deal of effort to trace a transaction whose sender does not want to be caught. The Colonial Pipeline ransom recovery is far from the norm, because the FBI poured resources into the case due to its high profile. The FBI won’t be able to dedicate the same resources to every case.

Experts may disagree on the extent to which cryptocurrency has spurred the rise in ransomware, but it is undeniable that this new technology has changed that criminal industry. Crypto has introduced a new player into the money laundering game of cat and mouse, and it is up to lawmakers and innovators to respond to the ever-changing landscape of cybersecurity threats.