Between July 2020 and June 2021 alone, ransomware activity grew by 1,070%, according to a recent Fortinet report, and other researchers confirm the proliferation of this form of extortion. Mimicking the prevailing business model of the legitimate tech world, ransomware-as-a-service portals have sprung up in the darkest corners of the web, institutionalizing the shadow industry and lowering the skills barrier for would-be criminals. The trend should sound a warning bell throughout the crypto ecosystem, particularly because ransomware attackers almost always demand payment in crypto.
That said, the crypto industry, once a Wild West, is becoming a more orderly place. Slowly but surely it is entering the mainstream, and some of the largest centralized exchanges (CEXs) are now hiring top-tier financial crime investigators to oversee their anti-money laundering efforts.
The problem is that not all exchanges are created equal. A centralized exchange works in many of the same ways as a traditional business entity, but that does not mean all of them are lining up to do anti-money laundering (AML) properly. Things get even more complicated with decentralized exchanges (DEXs), which, let's face it, are not as decentralized as their name implies, whatever they claim. In most cases, DEXs have little, if anything, in the way of Know Your Customer (KYC) measures, letting users jump between currencies and blockchains at will while leaving few traces. Some of them use wallet-screening services to run background checks on addresses, but attackers can try to get around those checks with mixers and similar tools.
When it comes to ransomware cash flows, both DEXs and CEXs feature prominently, but criminals use them for different purposes. According to a recent report by the US Financial Crimes Enforcement Network, criminals use DEXs, along with mixing services, to launder the ransoms paid by victims, moving funds from one address to another and from one currency to another. CEXs, meanwhile, function primarily as the exit point, allowing criminals to convert crypto into fiat.
Having stolen money moved through your platform is not a good look for anyone, and it sometimes comes with consequences. This September alone, the US Treasury imposed sanctions on the OTC broker Suex for facilitating ransomware money laundering. The exchange was nested on Binance, although Binance said it had removed Suex from the platform well before the Treasury designation based on its own "internal safeguards."
The development should be a wake-up call for both CEXs and DEXs everywhere, as it extends the ripple effect of US sanctions into the crypto ecosystem. A sanctioned entity may sit comfortably in its home jurisdiction, but in today's interconnected world, US sanctions make any dealings with foreign counterparties it may wish to conduct far more difficult. It does not have to involve Binance alone: any legitimate business with a US presence and interests would have to cut ties, and the same goes for hosting providers, payment processors, or anyone else who enables the day-to-day operations of the sanctioned company.
Hypothetically, sanctions could even indirectly affect decentralized entities in several ways. Decentralized projects typically still have core development teams associated with them, which raises the question of individual liability. In the future, with enough regulatory stringency, they could even see their incoming and outgoing traffic throttled or blocked outright by internet service providers, unless users resort to additional obfuscation tools such as VPNs.
War of attrition against ransomware
The Suex OTC incident and its far-reaching implications point toward what could become a broader strategy for suppressing ransomware groups. We know that they rely on multiple nodes within the crypto ecosystem, but DEXs and CEXs hold special value in their eyes because those venues let them hide their tracks and put cash in their pockets. And that, in most cases, is the ultimate goal.
It is naive to expect all players in this field to be equally diligent with their internal safeguards. Enforcing KYC and AML standards on exchanges will, at a minimum, make it harder for criminals to move crypto and cash out. Such measures would raise their costs, making the entire operation less profitable and therefore less attractive. In the long run, ideally, it could deny them vital parts of the sprawling infrastructure they use to move money, making the cookie jar effectively unreachable. And why chase money you can't put in your pocket?
With advances in machine learning and digital identification, DEXs can be just as adept at KYC as their centralized relatives, using automated document verification to process the same identity documents that banks handle in their own KYC programs. It is a procedure that can be automated, giving legitimate customers more peace of mind and potentially attracting more flows thanks to the regulated status it confers. The crypto community could go further by applying additional controls to transactions involving exchanges and services known to carry a high proportion of illicit activity. Measures such as blacklisting wallets are unlikely to gain much popularity (although blacklisting is not unheard of in the crypto space; for example, NFT platforms have recently frozen trading of stolen NFTs), but even limited adoption can make a difference, steering more legitimate traffic toward exchanges that go the extra mile.
In military terms, this amounts to waging a war of attrition against ransomware groups: wearing the enemy down rather than inflicting direct and immediate damage. A sophisticated ransomware attack requires a large investment of time and money, whether for a team developing a custom payload aimed at a specific high-profile target or for an operator running a ransomware-as-a-service platform. Not being able to collect the ransom means most of that time, effort and investment has gone to waste.
Critics may argue that such measures would not work, simply because hackers can always move on to another financial mechanism to collect their money, such as gift cards. Up to a point, this is true; where there is a will, there is a way. But consider this: Colonial Pipeline paid a ransom of $5 million in crypto to suspected Russian hackers. How easy would it have been for the attackers to collect the same amount in Walmart gift cards? Would the risk-reward ratio still justify the attack? I doubt it. It makes sense to invest millions to steal billions, but moving those billions through anything other than crypto without setting off a host of red flags is a whole different story.
Here's a better counterargument: ransom is not always the motivation. A state-backed group striking as part of a larger adversarial campaign would appreciate the extra money, but it is just as interested in keeping its handlers happy. This is the pinch of salt that goes with the argument for regulation, and yet denying the ransom to financially motivated hackers alone would already make a dent or two in the proliferation of ransomware.
In general, ransomware is a complex problem that no single silver bullet will solve. It will require a more nuanced approach and, most likely, more international cooperation. There are, however, strong arguments for making crypto exchange regulation an important part of such efforts, in order to deny attackers the ability to reap the rewards of their attacks and thus go after the financial core of their operations.
This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should do their own research when making a decision.
The views, thoughts, and opinions expressed here are those of the author alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Lior Lamesh is the co-founder and CEO of GK8, a cybersecurity company that offers a self-managed end-to-end custody platform with true cold vault and hot MPC capabilities for banks and financial institutions. Having honed his cyber skills in Israel’s elite cyber team reporting directly to the Prime Minister’s office, Lior oversees local GK8 hardware and software development.