Government and industry look to cryptocurrency regulation to slow ransomware

However, experts warn that crypto laws won’t be a silver bullet against attacks

Tech companies and industry groups are urging governments to act against the rising threat of ransomware by regulating cryptocurrency.

The Ransomware Taskforce has released a report urging governments to require cryptocurrency exchanges, crypto kiosks, and over-the-counter trading desks to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws. The task force comprises participants from governments, software firms, cyber security vendors, non-profit and academic institutions worldwide.

The Combating Ransomware report made 48 recommendations to address the ransomware threat.

It called on the US to “lead by example” and execute a “sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House.”

It said this must include the establishment of an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; an internal US Government Joint Ransomware Task Force; and a collaborative, private industry-led informal Ransomware Threat Focus Hub.

The report also urged coordinated, international diplomatic, and law enforcement efforts to proactively prioritize ransomware through a comprehensive, resourced strategy, “including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.”

Industry figures welcomed tighter regulation but said such laws should not treated as a sole means of stopping ransomware.

Peter Grimmond, International CTO & International VP Technical Sales at Veritas Technologies, told ITPro that tighter regulation on cryptocurrencies will certainly “throw a spanner in the works for cybercriminals but businesses should be wary of thinking of this as a silver bullet or of letting their guard down.”

“Hackers have a long history of finding ways of getting paid for their activity. In the early days, it was sending cheques to anonymous PO boxes, then making payments to anonymous vendors on eCommerce marketplaces. As these routes were shut down, hackers evolved their payment demands to cryptocurrencies,” Grimmond said.

Grimmond added that while he supported any move that makes it harder for criminals to take advantage of the organizations, businesses should be wary of a false sense of security cryptocurrency regulation might bring and remain mindful that the best way to protect themselves is to ensure their data is backed up and encrypted.

Related Resource

The business guide to ransomware

Everything you need to know to keep your company afloat

The business guide to ransomware - whitepaper from DattoDownload now

Ilia Kolochenko, CEO, founder, and chief architect at ImmuniWeb, told ITPro the report provides a broad spectrum of valuable and bright ideas. However, most of them are "burdensome and far too expensive from a practical viewpoint."

"Strong global collaboration to combat cybercrime is probably a utopia, especially amid the rapidly growing political tensions around the globe, unclarity of international law’s application to cyberwar and disruptive aggressions in the digital space," Kolochenko said.

"Sadly, virtually all Western law enforcement agencies are significantly underfunded today, while efficient combat with ransomware will probably require at least a tenfold budget increase - just to address this isolated phenomena. Spiraling pandemic losses will unlikely allow countries to spend more on cybercrime prosecution and investigation units unless the private sector donates billions of dollars. Fighting digital currencies is a waste of time, cybercriminals will find a myriad of other smart ways to bypass sanctions and get paid in impunity."

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

Tech firms condemn anti-DACA ruling
Policy & legislation

Tech firms condemn anti-DACA ruling

19 Jul 2021
China tightens the reins on cyber security
cyber security

China tightens the reins on cyber security

13 Jul 2021
Department of Health and Human Services must improve cyber security info sharing
Security

Department of Health and Human Services must improve cyber security info sharing

30 Jun 2021
Regtech and the elimination of paper
compliance

Regtech and the elimination of paper

20 May 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021