Skip to content

Ransomware attacks are rampant in the United States. With alarming regularity, cybercriminals disrupt computer systems that control important pieces of infrastructure and refuse to restore access until they are paid – usually in Bitcoin or some other decentralized and difficult cryptocurrency. to draw.

In May, cybercriminals shut down one of the largest oil pipelines in the United States. In June, cyber attacks prompted the world’s largest meat processing company to shut down nine beef factories. Attacks on smaller entities – the Steamship Authority of Massachusetts, the city government of Baltimore – attract less attention, but show just how common ransomware crime has become.

The Biden administration has taken steps to address the issue. An executive order in May ordered the federal government to improve coordination on the issue. A national security memorandum in July set better security standards for U.S. industrial control systems. And last week, in a White House meeting, President Biden called on executives at Apple, Google and other companies to do more to prevent cyberattacks.

But none of these efforts tackle the problem at its root. Ransomware attacks happen because criminals make money out of them. If we can make it harder to take advantage of such attacks, they will decrease.

The United States can make it more difficult. By regulating cryptocurrencies more aggressively, the government can limit their use as an anonymous payment system for illegal purposes.

In the non-virtual world, kidnappings for ransom largely fail. Between 95% and 98% of criminals involved in kidnapping for ransom cases reported to police are arrested and convicted. Why? Partly because the moment the victim is exchanged for cash, the criminal faces a great risk of identification and capture.

Ransomware attacks are different. Cybercriminals can ‘kidnap’ a business remotely and receive payments anonymously and securely in the form of cryptocurrency. (Technically, using cryptocurrency is just a pseudonym, but in practice, the challenge of identifying a user is daunting.)

What should the US government do to make cryptocurrency harder for criminals to use? First, it should adopt and enforce regulations for the cryptocurrency industry equivalent to those governing the traditional banking industry. According to a recent report from the Institute for Security and Technology, cryptocurrency exchanges, “kiosks” and “trading desks” do not obey laws that target money laundering, terrorist financing and trading. reporting of suspicious activity. These laws should be applied in the same way in the digital domain.

For example, some cryptocurrency services offer a “tumbler” feature. Goblets take cryptocurrencies from many sources, shuffle them and then redistribute them, making financial transactions more difficult to trace. This practice resembles money laundering and would be illegal in the non-virtual world.

The United States should also take steps to ensure that offshore cryptocurrency exchanges follow internationally agreed rules for legal banking. Ideally, such actions would be multilateral, but given that Russia is unlikely to agree to stop serving as a safe haven for ransomware gangs, unilateral action will likely be necessary.

To do this, the US banking system would have to deny access to cryptocurrency exchanges unless it demonstrates that it is equipped and prepared to prevent ransomware gains. It may appear that cryptocurrency exchanges operate independently of traditional banking operations, but to be fully valuable digital currency must also be convertible to cash, so there would be a strong incentive for exchanges to comply.

The United States should also ban transactions with the United States banking system by foreign banks that do not impose stricter regulations on cryptocurrency. Because access to the US financial market is vitally important to foreign banks, they too would have a strong incentive to comply.

If stricter regulations don’t end the use of cryptocurrency to pay ransoms, the United States can still consider disrupting a cryptocurrency like Bitcoin. Government hackers could disable cryptocurrency exchanges’ servers, block their internet traffic, or infect their payment systems with malware. This would be an extreme and very aggressive solution, which would jeopardize the many legitimate value repositories that cryptocurrencies represent.

But ransomware attacks are a serious and growing problem. The anonymous and poorly regulated nature of cryptocurrency provided the spark that started the ransomware fire. At some point, we may have to consider starving hell out of fuel.

The United States doesn’t have as much of a ransomware problem as it does with an anonymous ransom. If we can change the payment system to make pickup less profitable, we will go a long way towards a solution.

Paul Rosenzweig (@RosenzweigP) is the founder of Red Branch Consulting. He was Deputy Assistant Secretary for Policy at the Ministry of Homeland Security from 2005 to 2009.

The Times commits to publish a variety of letters For the publisher. We would love to hear what you think of this article or any of our articles. Here is some tips. And here is our email:

Follow the Opinion section of the New York Times on Facebook, Twitter (@NYTopinion) and Instagram.

nytimes Gt

Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.