To stop ransomware attacks, a group of experts is calling on governments to clamp down on anonymous cryptocurrency transactions.
The recommendation comes from the Ransomware Task Force, a coalition of over 60 cybersecurity professionals from both the private and government sector. On Thursday, the group issued a report outlining steps governments and companies should take to stamp out the ransomware threat.
A key recommendation is to more closely regulate the cryptocurrency market. This includes demanding cryptocurrency services know the identities of each customer, undermining the privacy associated with the technology.
Ransomware attacks often work by infecting fleets of computers, and then encrypting the information inside. To free the data, victims have to pay up, usually in Bitcoin, by sending the cryptocurrency to a hacker-controlled wallet.
Although every Bitcoin transaction is logged on a blockchain—or a digital public ledger—cybercriminals have come up with ways to launder the funds, enabling them to cash out their ill-gotten gains with little trace.
However, the task force says governments should require cryptocurreny services, including ATM-like cryptocurrency kiosks and exchanges, to institute anti-money laundering measures. Doing so would help stop ransomware attackers from turning their virtual funds into real cash.
Credit: The RTF report
Another key recommendation from the report concerns companies hit by ransomware attacks. According to the task force, companies should be required to report the incident to the authorities before any ransom is paid. This would give law enforcement a chance to intervene, and send a “freeze letter” to the cryptocurrency services involved.
The same companies should also be required to consider alternatives to surrendering to a ransomware payment. “This review would also reveal whether options between payment and rebuilding the network from scratch are viable. For example, the mandate could require organizations to consult with initiatives like No More Ransom to determine if their information can be decrypted without paying,” the report says.
Recommended by Our Editors
That said, the task force acknowledges combating the ransomware threat won’t be easy. “There is no silver bullet for solving this challenge. Most ransomware criminals are based in nation-states that are unwilling or unable to prosecute this cybercrime,” the group added.
Nevertheless, the 87-page report from the Ransomware Task Force may gain supporters in the US government. Experts involved in the group included employees from Microsoft, cybersecurity companies FireEye, Crowdstrike, and McAfee, along with officials at the FBI, the US Cybersecurity and Infrastructure Security Agency, and the US Secret Service.
The report also calls on the White House to become directly involved in overseeing an anti-ransomware campaign, and for law enforcement to collaborate internationally on stopping the threat.
Get Our Best Stories!
Sign up for What’s New Now to get our top stories delivered to your inbox every morning