How Bitcoin Facilitated Ransomware Attacks

It's a problem that has long plagued bank robbers and drug smugglers: how do you move and hide huge ill-gotten profits without getting caught?

In the last few years, ransomware hackers have found a near-perfect solution: cryptocurrencies like Bitcoin. It's fast. It's easy. Best of all, it's almost anonymous and difficult to trace.

The latest example is JBS, the world's largest meat processor, which announced on Wednesday night that it recently paid $11 million in Bitcoin after a cyberattack closed factories in the US, Canada and Australia. The FBI has blamed the attack on Russian criminal gangs.

“Now we have the potential to move millions of dollars worth of cryptocurrencies across borders in seconds,” said Jonathan Striem-Amit, co-founder of Cybereason, a Boston-based company that provides protection from hackers.

“Performing money laundering and moving currencies from one state to another in a way that is, in a sense untraceable and unreliable, is a very powerful tool for criminals.”

Until recently, many cybercrimes involved minor theft from personal credit cards and bank accounts.

“If we were talking about it two years ago, Bitcoin is not the main form of ransom payment,” said Hitesh Sheth, president of cybersecurity company Vectra in San Jose, California.

Big payments, small risks

Bitcoin and other cryptocurrencies have made it possible to extort huge ransoms from large corporations, hospitals and city governments. And if a cyber thief lives in a country like Russia (as many do), the thief is unlikely to get caught.

Ironically, cryptocurrency transactions are recorded on so-called “public ledgers.”

This means that anyone can observe them online. However, the parties to a transaction are anonymous and appear only as random numbers.

“You can see exactly how money moves from one address, one wallet to another,” says Cybereason’s Striem-Amit. “But there is no way we can associate people with these wallets, and many have one address, one wallet, as well as dozens or hundreds.”

Therefore, hackers can continue to move currency from one anonymous account to another. This makes tracking very difficult, but not impossible.

Consider the case of Colonial Pipeline, which was hacked last month and stopped supplying gasoline in the eastern United States for most of a week.

The Justice Department said this week that the FBI has recovered more than half of the $4.4 million ransom that Colonial paid to the hackers, who are known as DarkSide and are believed to be based in Russia.

On June 7, US Deputy Attorney General Lisa Monaco announced that the FBI had recovered most of the $4.4 million ransom that Colonial Pipeline paid to ransomware attackers last month. The attackers are believed to be based in Russia. (Photo by Jonathan Ernst-Pool / Getty Images)

This case marked a major advance. The Justice Department said this was the first time a ransomware-focused task force was able to recover some of the money.

Still, this is unlikely to become the norm soon. The FBI devoted resources to the Colonial case because it was a high-profile attack that closed a pipeline important to the country's economy.

The FBI will not be able to devote that many resources to every ransomware attack. And these cases are difficult to resolve.

According to court documents, the FBI went through a maze of more than 20 crypto accounts to find the hackers. When it found the account, the bureau sought a US court order to seize the funds.

But then comes the real mystery. Even if the FBI located the computer and received a court order, the bureau still needed a secret encryption key to unlock the account and get the Bitcoin.

The FBI is not saying how this was done, which has led to widespread speculation and various scenarios in the cybersecurity community.

The FBI discourages ransom payments, and some companies refuse to pay. However, the decision depends on the company or institution that was hit, and many find it better to pay and resume operations than to risk a prolonged shutdown.

Meanwhile, the private sector recognizes the need to focus more on ransomware threats.

“Cybersecurity has been a hot topic for the board of directors of large corporations in recent years,” said Hitesh Sheth of Vectra. “It’s not just cybersecurity, ‘Hey, how can we stop the attack?’ It really came to ‘What is our ransomware strategy?’ It became very specific.”

Ransom insurance

Ransom demands and payments are skyrocketing.

“We have now confirmed with our clients that the ransom has been paid in excess of $10 million and there is a demand of $40 million, $50 million and $60 million,” said Oren Wartman, who deals with cyber issues at insurance brokerage Beecher Carlson.

He added that some insurers no longer cover ransomware or impose various restrictions.

“There are insurance companies out there that haven’t written any new business,” he said. “Some insurers are out of business, and some are completely out of health care, the public sector, and higher education.” All of these are often targeted.

Amid all these developments, the Biden administration and some lawmakers have begun to talk about cryptocurrency regulation. But so far, it's just talk.

Greg Myre is a National Security Correspondent at NPR. Follow him @gregmyre1.

Copyright 2021 NPR. For more information, please visit
