[BreachExchange] Bitcoin price boom is helping sustain ransomware hackers, FBI says

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Wed Nov 17 11:17:11 EST 2021


https://www.marketwatch.com/story/bitcoin-price-boom-is-helping-sustain-ransomware-hackers-fbi-says-11637089437

Ransomware actors have not eased their attacks on U.S. companies and
institutions in recent months and high cryptocurrency prices are helping to
bolster cyber criminal networks, a key Federal Bureau of Investigation
official told lawmakers on Tuesday.

“In the last six months, we have not seen a decrease in the amount of
frequency of reporting of ransomware attacks,” Bryan Vorndran, assistant
director of the FBI’s Cyber Division, told the House Committee on Oversight
and Reform. “We attribute that to the simple fact that it’s incredibly
lucrative for the criminals. That’s partially due to the valuation of
virtual currency, but it’s partially due to the vulnerability of our
systems and in our infrastructure.”

The price of bitcoin, the virtual currency used for most
high-profile ransomware payments, has increased nearly 300% over the past
year from less than $18,000 to more than $60,000 today.

The hearing was part of a congressional investigation into a spate of
multimillion-dollar ransomware attacks on major U.S. companies in 2021,
including those on CNA Financial Corporation, Colonial Pipeline
Co. and the U.S. division of JBS Foods. CNA ultimately paid a
$40 million bitcoin ransom to cybercriminals to recover its network, while
Colonial Pipeline paid $4.4 million and JBS paid $11 million, according to
the committee.

The hearing also featured testimony from White House National Cyber
Director Chris Inglis and Brandon Wales, executive director of the
Cybersecurity and Infrastructure Security Agency, and all three witnesses
urged Congress to pass legislation that would require private companies to
notify the government when they are faced with a ransomware attack.

Congress is currently debating whether to mandate such notification and
whether companies should be required to notify the government within 24 or
72 hours, and the witnesses urged the committee to support a faster
notification requirement.

“The faster we get the information, the faster we can deploy a local cyber
threat expert to victims to work, track, freeze and seize funds taken and
ultimately hold cybercriminals accountable,” the FBI’s Vorndran said.
“Twenty-four hours probably wouldn’t seem like a big delay to most people,
but the help we can offer within that time can be the difference between a
business or a piece of critical infrastructure staying afloat or being
crippled.”

The FBI has touted recent successes in recovering ransom funds,
including the seizure in June of 64 bitcoin paid by Colonial Pipeline to
hackers, then valued at about $2.3 million, from a virtual wallet. Last
Monday, the DOJ announced that it had arrested Ukrainian Yaroslav
Vasinskyi and Russian Yevgeniy Polyanin, alleging them to be part of the
REvil ransomware gang that perpetrated the attack on JBS. It also said that
it had recovered $6.1 million in ill-gotten gains from Polyanin.

National Cyber Director Inglis said Polyanin’s arrest, which occurred when
he crossed the border into Poland, shows the U.S.’s diplomatic and
offensive efforts to thwart cyber criminals are paying dividends.
“Cyberspace is a borderless terrain, and therefore, as much as they can
reach us we can reach them,” he said. “If we bring allies to bear, we can
use jurisdiction in places like Poland and Romania to apprehend these
criminals and bring them to justice using the courts of law that exists in
the West.”

In January, international law enforcement agencies, including the FBI,
announced that a joint effort had successfully taken down the EMOTET
ransomware service by hacking it, gaining control of its infrastructure and
“taking it down from the inside,” according to a Europol press release.

The panelists stressed that despite these offensive successes, ransomware
cannot be stopped without bolstering defenses at the government, corporate
and individual levels, as more than 90% of criminal breaches are the
result of human error, like clicking on an infectious hyperlink. Inglis
said institutions must make it a top priority to train their people on
cyber hygiene.

“The vast majority of those people don’t intend to make those mistakes,”
Inglis said, “They simply make them. They are not well equipped to make an
appropriate choice at the moment.”