Chainalysis reported that ransomware payments reached a new record in 2020 ($692 million), with 2021 likely to surpass it when all data is available. Ransomware’s role as a geopolitical instrument — and not just as a money grab — has been increasing since the Ukraine-Russia conflict.
A new U.S. law may be able to stem the rising tide of extortionists. The Strengthening American Cybersecurity Act (or the Peters bill) was signed by President Joe Biden. It requires infrastructure companies to report any cyber-attacks within 72 hours, and within 24 hours if they make a ransomware payment.
Here is why that matters. As demonstrated in the Colonial Pipeline case last spring, blockchain analysis has been increasingly successful in disrupting ransomware networks: the Department of Justice was able to recover $2.3 million that a pipeline company had paid to a ransomware ring.
To maintain this positive trend, however, more data must be available, and it must be delivered in a timely manner. This is especially true of malefactors’ crypto addresses, as nearly all ransomware attacks involve blockchain-based cryptocurrencies, most commonly Bitcoin (BTC).
The new law will help in this area because ransomware victims have not reported the extortion to authorities or other parties.
U.S. President Joe Biden and Office of Management and Budget Director Shalanda Young at the White House, 28 March 2022. Source: Reuters/Kevin Lamarque
Roman Bieda, of fraud investigations at Coinfirm, said that “it will be very useful.” “All users can instantly ‘flag’ specific addresses, transactions or coins as ‘risky’ […] to identify the risk before any laundering attempts.”
Allan Liska, a senior intelligence analyst at Recorded Future, said that it will help blockchain forensic researchers in their analysis. “Ransomware groups may switch wallets in response to ransomware attacks, but the money ultimately flows back to one wallet.” He said that blockchain researchers are very adept at connecting these dots, despite the use of confederate money launderers and ransomware rings.
Siddhartha Dalal, a Columbia University professor of professional practice, agreed. Last year, Dalal co-authored a paper entitled “Identifying Ransomware Actors in the Bitcoin Network.” It described how he and his colleagues were able to use graph machine learning algorithms and blockchain analysis to identify ransomware attacks with “85% prediction accuracy” on test data sets.
Although their results were encouraging, the authors stated that their algorithms could be improved and made more reliable to achieve greater accuracy.
Forensic modelers face a challenge when working with highly skewed, or imbalanced, data. The Columbia University researchers were able to draw on 400 million Bitcoin transactions and close to 40,000,000 Bitcoin addresses, but only 143 ransomware addresses. The non-fraud transactions far outnumbered the fraudulent ones. If the data is as skewed as this, the model will either mark many false positives or omit fraudulent data.
In an interview last year, Coinfirm’s Bieda gave an example of this problem:
Imagine you are trying to create a machine learning model that can pull photos of dogs from a collection of cat photos. However, you only have one dog photo and 1,000 cat photos. Machine learning models would learn that all photos can be treated as cat photos, and the error margin is only 0.001.
The algorithm would guess “cat” every time and render the model useless even though it scores high overall accuracy.
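The accuracy problem described above, worked through with the article's own figures (143 ransomware addresses among roughly 40,000,000), as an added example that is not code from the article or from the Columbia paper. The detector's recall and false-positive rate are constructed for illustration, and 40,000,000 is a rounding of "close to 40,000,000".

```python
from dataclasses import dataclass

TOTAL_ADDRESSES = 40_000_000  # page: "close to 40,000,000" addresses (rounded)
RANSOMWARE = 143              # page: labelled ransomware addresses


@dataclass(frozen=True)
class Confusion:
    tp: int  # ransomware addresses flagged
    fp: int  # benign addresses flagged
    fn: int  # ransomware addresses missed
    tn: int  # benign addresses left alone

    def accuracy(self):
        return (self.tp + self.tn) / (self.tp + self.fp + self.fn + self.tn)

    def recall(self):
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0

    def precision(self):
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0

    def specificity(self):
        return self.tn / (self.tn + self.fp) if self.tn + self.fp else 0.0

    def balanced_accuracy(self):
        # Mean of per-class recall: not dominated by the majority class.
        return (self.recall() + self.specificity()) / 2


def evaluate(recall, fp_rate, positives=RANSOMWARE, total=TOTAL_ADDRESSES):
    """Confusion counts for a classifier with these rates on this population."""
    negatives = total - positives
    tp = round(recall * positives)
    fp = round(fp_rate * negatives)
    return Confusion(tp, fp, positives - tp, negatives - fp)


def compare():
    always_benign = evaluate(recall=0.0, fp_rate=0.0)     # never flags anything
    detector = evaluate(recall=120 / 143, fp_rate=0.001)  # constructed rates
    return always_benign, detector


if __name__ == "__main__":
    for name, c in zip(("always benign", "constructed detector"), compare()):
        print(f"{name:21s} accuracy={c.accuracy():.6f} recall={c.recall():.3f} "
              f"precision={c.precision():.4f} balanced={c.balanced_accuracy():.3f}")
```

The model that never flags anything scores the higher accuracy of the two, while the detector that finds 120 of the 143 addresses still has a precision of about 0.3% because a 0.1% false-positive rate on 40 million addresses yields 40,000 false alarms.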
Dalal was asked whether the new U.S. legislation would expand the public database of “fraudulent Bitcoin” and crypto addresses necessary for a more efficient blockchain analysis of ransomware networks.
Dalal told Cointelegraph that there is “no doubt about it.” “Officially, more data is always better for any analysis.” But, even more important, ransomware payments will now have to be disclosed within 24 hours of the payment. This allows for “a better recovery chance and also potential identification servers and methods so that other potential victims may take defensive measures to protect themselves,” he said. This is because the majority of ransomware attackers attack other victims with the same malware.
A forensic tool that is often overlooked
It is not well known that criminals’ use of cryptocurrencies to finance their activities can benefit law enforcement. “You can use blockchain analysis to uncover their entire supply chains of operation,” said Kimberly Grauer, Chainalysis’ director of research. You can find out where they are buying their bulletproof hosting and where they purchase their malware. Speaking at the Chainalysis Media Roundtable held in New York City, she said that blockchain analysis can provide a lot more insight into these groups.
However, this law will still take several months to fully implement. Will it really make a difference? At the same event, Salman Banaei, co-head of public policy at Chainalysis, said, “It is a positive, that would help. It was something we advocated for, but it wasn’t like we were blind before.” Would this make their forensic efforts more efficient? “I don’t know if it would increase our effectiveness, but we would expect some improvements in terms of data coverage.”
While there are many details that need to be worked out before the law can be implemented, one question is already being raised: Which companies will have to comply? Liska explained to Cointelegraph that the bill applies only to “entities that operate critical infrastructure.” Although this could be tens of thousands of organizations from 16 sectors, only a fraction of the organizations in the United States would need to comply with the requirement.
Maybe not. Bipul Sinha, CEO and co-founder of Rubrik, a data security company, said that the law cites infrastructure sectors such as financial services, IT and energy. “In other words, it applies to almost everyone,” Sinha wrote in a Fortune article.
Another question is: Should every attack be reported? According to the Cybersecurity and Infrastructure Security Agency, to which companies will be reporting, even minor acts could be considered reportable. The New York Times reported that “Because there is a growing risk of Russian cyberattacks […] any event could provide important breadcrumbs leading to a sophisticated attacker.”
Is it fair to assume that war makes preventive measures more urgent? President Joe Biden and others have raised concerns about the possibility of Russian cyber-attacks. Liska says that this concern is not over — at least, not yet.
“The ransomware groups that were supposed to retaliate for the Russian invasion in Ukraine did not appear to have materialized.” As with many other wars, Russia did not coordinate well, so any ransomware groups that might have been mobilized were not.
Chainalysis reports that almost three quarters of ransomware money was paid to Russian hackers in 2021. This suggests that there is a possibility for an increase in ransomware activity.
This is not a solution that can be used alone
Bieda said that machine-learning algorithms that track and identify ransomware actors looking for blockchain payments — almost all ransomware has been blockchain enabled — will undoubtedly improve. However, machine-learning solutions are not the only factor supporting blockchain analysis.
Dalal explained to Cointelegraph that there are still technical problems, mainly due to pseudo-anonymity’s unique nature.
“Most public blockchains do not require permission and users can create as many addresses as they wish. Tumblers and other services that allow you to mix tainted funds with others make transactions even more complicated. This adds to the complexity of identifying perpetrators hiding behind multiple addresses.”
However, things are moving in the right direction. Liska stated that “I believe we are making significant advances as an industry” and “we have done this relatively quickly.” The Department of Treasury, along with other government agencies, is beginning to recognize the potential of blockchain analysis.
Liska said that while blockchain analysis is making progress, “there’s so much money being made by ransomware, cryptocurrency theft right now, that even the impact of this work pales in comparison to the overall problem.”
Bieda is optimistic about the progress made, but it will be difficult to get firms to report blockchain fraud, especially outside the United States. He said that Coinfirm has reported more than 11,000 victims of fraud in blockchain through the Reclaim Crypto website over the past two years. “One of our questions is ‘Have the victims reported the theft to law enforcement?’”
Dalal stated that the government mandate was an important step in the right direction. He told Cointelegraph that this mandate will “certainly be a gamechanger” as attackers won’t be able “to repeat their favorite techniques.” They will also have to move faster to attack multiple targets. This will reduce stigma associated with attacks, and it will allow potential victims to better protect themselves.
Eileen Wilson – Technology and Energy