Yesterday, the US Senate Homeland Security and Governmental Affairs Committee (HSGAC) held a hearing, the topic of which was crypto payments for ransomware attacks.
Summary
Record crypto transactions for ransomware attacks
During the hearing, the committee heard from a panel of industry experts, including Chainalysis’ Chief Cyber Threat Intelligence Officer Jackie Koven.
Koven reported that Chainalysis had identified as much as $712 million paid to ransomware attackers in 2021, an all-time high.
74% of this money allegedly went to Russian attackers, or those with connections to Russia.
The average payment was $121,000, with the median at $6,000.
Furthermore, he reported that real attackers often use a Ransomware-as-a-Service model. To carry out the attack, they use external tools provided to them, obviously for a fee, by organizations that are capable of doing so from a technical point of view.
US Senator Gary Peters, chairman of HSGAC, convened this hearing precisely to examine whether cryptocurrencies have facilitated the rise of ransomware attacks. Peters had previously published an investigative report on this role, which revealed that the government lacked sufficient data and information on ransomware attacks and the use of cryptocurrencies in this area.
Peters himself is the author of a law that requires owners and operators of critical infrastructure to report cyber attacks and ransomware to the Cybersecurity and Infrastructure Security Agency (CISA).
During the hearing, the findings and recommendations of Peters’ investigative report were discussed, and questions were put to three experts in the field: Megan Stifel, Chief Strategy Officer of the Institute for Security and Technology, Bill Siegel, CEO of Coveware, and Jacqueline Burns Koven of Chainalysis.
Experts’ views on the spread of this type of cyber attack
Megan Stiffel pointed out that ransomware is an extortion technique that existed even before the emergence of cryptocurrencies. Nonetheless, it is possible that the use of cryptocurrencies played a role in the spread of these attacks, given the difficulty in tracking crypto transactions.
One of the biggest problems in combating these attacks is information gathering, with data often confused and difficult to find. Stiffel in this regard suggested the designation of a single public agency to receive and classify data, so as to make collection less messy.
In this regard, Koven added that blockchain analysis can provide:
“an immediate insight into the network of wallet addresses and services (eg exchanges, mixers, etc.) that assist the illicit actor”.
As opposed to the lengthy processes of traditional financial investigations.
He also revealed that government sanctions imposed on attackers and those who assist them prove to be very effective. He cited as an example the sanctions imposed on the Russian crypto exchange Garantex and the operator Suex, with money flows dropping to almost zero after the sanctions were applied.
Perhaps only crypto experts have understood how useful blockchain can be in cases like this, if the right investigative tools are used.
