Crypto Channels Targeted in Biden's Fight Against Ransomware (bloomberg.com) 19
The Biden administration plans a fresh campaign against ransomware attacks through sanctions to cut off criminals' cryptocurrency pipelines, and it urged companies to report extortion attempts and better protect themselves from them. From a report: Deputy Treasury Secretary Wally Adeyemo told reporters that the sanctions would be imposed on Suex, a cryptocurrency transferring service that's registered in the Czech Republic. He said Suex had "facilitated transactions involving illicit proceeds for at least eight ransomware variants. He said "exchanges like Suex are critical to attackers' ability to extract profits," pointing out that this was the first such action by the Office of Foreign Assets Control against a virtual currency exchange. Both Adeyemo and Deputy National Security Adviser Anne Neuberger, who also briefed reporters in a conference call on Monday evening, underscored the importance of ransomware victims coming forward and vulnerable businesses and organizations taking steps to bolster their security. Adeyemo announced new Treasury Department guidance that makes "an express statement that the U.S. government strongly discourages the payment of cyber ransoms or extortion demands."
Losing my ass (Score:1)
Choking crimminals. (Score:3)
Well since no one can make a sound argument FOR cryptocurrency this may be one of the sounds of it's death.
Re: (Score:2)
Indeed. Of course, there are _tons_ of unsound arguments for this crap, but pretty much every bad idea has those...
Good (Score:4, Insightful)
The only way to get organized crime rings to not extort is to make it more costly, if not criminal, to pay an extortionist. Otherwise, victims will continue to pay them and all the organized crime ring needs to do is watch the money roll in. After that, you formally define the extortionists and their organized crime rings as terrorist organizations. Because that's what they are. This gives you increased sanctions against them, their members, and the countries that harbor them.
Re: (Score:2)
formally define the extortionists and their organized crime rings as terrorist organizations. Because that's what they are.
I dislike these fools as much as you but terrorism is by definition driven by ideology. They are criminals, not terrorists.
Re: (Score:2)
formally define the extortionists and their organized crime rings as terrorist organizations. Because that's what they are.
I dislike these fools as much as you but terrorism is by definition driven by ideology. They are criminals, not terrorists.
Well, yes. But they are _organized_ crime and that is a different level.
Plan (Score:4, Informative)
The US government doesn't seem to have a coherent plan in place to deal with this. A year and a half ago, an acquaintance's company was hit with a ransomware attack. The FBI said if the company paid the ransom, they would be brought up on federal charges and the owners would see jail time. So the company limped along for a couple of months until they could get their systems wiped and back up and running.
A few months ago there was a story on Slashdot where another company got hit with a ransomware attack, and the FBI recommended that the company *pay the ransom*
So what is the strategy? Is there a strategy?
Re: (Score:2)
Immediate Actions You Can Take Now to Protect Against Ransomware
Make anoffline backup [cisa.gov]of your data.
Do not click onsuspicious links [cisa.gov].
If you useRDP [ic3.gov], secure and monitor it.
Update [cisa.gov]your OS and software.
Usestrong passwords [cisa.gov].
Usemulti-factor authentication [cisa.gov]
Re: (Score:2)
All of this is great stuff....but this one always raises my hackles:
Do not click onsuspicious links [cisa.gov].
My company harks about 'don't click on links in the Emails'...they hire companies to send EMails to us unsuspecting peons with links so that they can slap us when we click on them....
Then the IT department, Training Department, Yammer, and all the other tools they run go and send thousands of Emails with links that need clicking....
I think they have suckered me twice to click on one of their test emails...uhhh.
Crypto is unrelated to cybercrime (Score:1)
But because the government has no clue how to do one, theyâ(TM)ll go after legitimate users of the other.
Cryptocurrency is just a method of exchange, before it existed, ransomware wanted bank transfer that was then laundered through other ransomed, compromised and foreign businesses.
China and Iran and a few other 3rd world and tax haven countries were heavily involved in pre-crypto ransomware. The only reason ransomware proliferated is because the targets became softer and the government threw their ha
Re: (Score:2)
Cryptocurrency is just a method of exchange, before it existed, ransomware wanted bank transfer that was then laundered through other ransomed, compromised and foreign businesses.
Untrue. Cryptocurrencies are what makes a lot of online crime possible in the first place. Basically nobody ever did ransomware via bank transfer or at least basically nobody did so successfully without getting caught. There may be as small number of cases where this worked, but that is it. You know, maybe because bank transfers can be traced and Interpol has a lot of experience doing so and it is _especially_ easy of you set up tracing _before_ the transfer is done?
Sure, small fraud may occasionally use ba
Re: (Score:1)
You may not substitute your fantasy about the efficiency of government entities like Interpol of how reality works for the real thing. It may make you look stupid.
Remember that period of time when there were tons of online ads for 'make lots of money fast' and it was basically receiving cash in your bank account and re-depositing it somewhere else, eventually they'd purchase something expensive, converting cash into goods, dead-drop it to a PO Box forwarder which then exports it where it can be resold. Thos
So, KYC & AML doesn't work then? (Score:2)
This would be instead of Making it illegal for victims to pay ransom demands, I presume.
Looks like an admission that KYC and AML rules on exchanges are B.S and more of a data grab.