The Double-Edged Sword of Crypto in Ransomware

Ransomware actors traffic “almost exclusively” in virtual assets, said Brian E. Nelson, undersecretary for terrorism and financial intelligence at the U.S. Department of the Treasury.

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

Although cryptocurrency is integral in facilitating ransomware activity, it can also be used as a means to attack the problem, said Marshall Miller, principal associate deputy attorney general at the U.S. Department of Justice. One thing about the blockchain: Everybody is visible on it (see: Norwegian Authorities Seize $5.86 Million From Lazarus Group).

Seizing back stolen assets and using them to reimburse victims in order to encourage crime reporting is how law enforcement can “start to make a real difference in attacking ransomware,” Miller said.

Getting the right balance when it comes to protecting the privacy of legitimate users and tracking bad actors is tough. Cryptocurrency mixers, for instance, are meant to protect the privacy of users who want to transact anonymously. But threat actors, particularly those from North Korea, use them to obfuscate the origin and destination of funds, while reducing law enforcement visibility into their flow, Nelson said. The Kim Jong Un regime has used these services to launder billions of dollars to fund its weapons of mass…