Governments worldwide to crack down on ransomware payment channels

Senior officials from 31 countries and the European Union said that their governments would take action to disrupt the cryptocurrency payment channels used by ransomware gangs to finance their operations.

The joint statement was issued following the virtual Counter-Ransomware Initiative meetings facilitated this week by the White House National Security Council in response to ongoing attacks that revealed significant vulnerabilities across critical worldwide infrastructure.

It was issued by ministers and representatives from Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, the United Kingdom, and the United States.

Blocking ransomware gangs’ abuse of cryptocurrency

Publicly disclosed ransomware payments have reached almost $500 million worth of cryptocurrency globally during the last two years ($400 million in 2020 and over $80 million in Q1 2021).

Mitigating the abuse of virtual assets on a global scale would impact the business model and the main instrument used by the ransomware cybercrime groups to collect ransoms from their victims and launder the funds obtained in attacks targeting organizations around the world.

The Counter-Ransomware Initiative hopes to drain their funding and take down their operations by disrupting the ransomware groups’ funding channels.

“We acknowledge that uneven global implementation of the standards of the Financial Action Task Force (FATF) to virtual assets and virtual asset service providers (VASPs) creates an environment permissive to jurisdictional arbitrage by malicious actors seeking platforms to move illicit proceeds without being subject to appropriate anti-money laundering (AML) and other obligations,” the officials said.

“We are dedicated to enhancing our efforts to disrupt the ransomware business model and associated money-laundering activities, including through ensuring our national AML frameworks effectively identify and mitigate risks associated with VASPs and related activities.”

The efforts to disrupt ransomware groups’ abuse of cryptocurrency will include regulators, financial intelligence units, and law enforcement regulating, supervising, investigating, and taking action against virtual asset exploitation.

“We will also seek out ways to cooperate with the virtual asset industry to enhance ransomware-related information sharing,” the officials added.

The states behind this action will leverage their financial institutions and infrastructure to jointly fend off ransomware activity targeting international partners’ critical infrastructure.

Complementary efforts will also include disrupting the ransomware ecosystem through law enforcement collaboration, improving network resilience to prevent attacks, addressing ransomware criminals’ safe-havens, and diplomatic engagement to encourage other countries to address ransomware operations active within their territory.

Ongoing effort to disrupt ransomware threats

In September, the U.S. Treasury Department announced its first-ever sanctions against a cryptocurrency exchange for facilitating ransom transactions for ransomware gangs and helping them evade sanctions.

The U.S. government has also levied sanctions against other threat actors and entities associated with ransomware gangs in recent years.

Two years ago, in 2019, the U.S. charged multiple members of the Evil Corp for stealing more than $100 million and added them to the Office of Foreign Assets Control (OFAC) sanctions list.

Evil Corp has been linked to multiple ransomware families over the years, including WastedLocker, Hades, Phoenix CryptoLocker, and PayLoadBin.

In October, the U.S. Treasury also warned that ransomware negotiators could face civil penalties for facilitating ransom payments if they involved ransomware gangs already on its sanctions list.

In July, Interpol urged police agencies and industry partners worldwide to fight together against the ransomware threat after G7 leaders asked Russia to crack down on ransomware gangs operating within its borders.