- Companies faced with the threat of ransomware need to think carefully about how to proceed and alert federal law enforcement agencies before making a decision, Stephen Nix, assistant to the special agent in charge at the U.S. Secret Service, said during the MIT Technology Review CyberSecure conference Tuesday.
- Federal law enforcement can use information from ransomware targets to make early attribution in a ransomware attack, and by working with partner agencies have access to decryptors that can be used to retrieve stolen data without the need to complete a ransomware payment, Nix said.
- Threat actors are using illicit gains to grow their networks with more qualified and experienced cybercriminals into their organizations, Nix said. Threat actors are increasingly not asking for crypto payments, instead demanding access to specialized tools or software for data analysis or crypto trading purposes.
The U.S. Secret Service has played a little-known, but key role in the fight against malicious ransomware attacks. The agency is part of the National Cyber Investigative Joint Task Force, which has been around since 2008, and includes 30 partner agencies that collaborate on intelligence sharing and disrupting cyberattacks.
The Secret Service also works with the National Security Council’s campaign to fight ransomware, according to Nix. The presentation comes at a critical point in the fight against ransomware. The Department of Justice recently launched a task force to go after threat actors with aggressive tactics to disrupt ransomware and the Biden administration is now part of a 30-nation coalition to target criminal actors that have previously operated in international safe havens.
The official position of federal law enforcement is to never pay in response to a ransomware threat, Nix said. But at the same time, federal officials understand that such attacks can have a critical impact on a business, through millions of dollars in payments, or, in some cases, operations disrupted to the point where business can no longer function.
Federal officials are working on new methods to trace the flow of funds in order to disrupt illicit crypto transactions, according to Nix. In recent years, a growing number of crypto transactions have used Monero as the preferred method of payment because of its anonymity. However, there is work being done in the private sector to make those payments easier to trace.
Federal law enforcement agencies are now targeting foreign exchanges and other entities that are making money off of illicit transactions and working to disrupt organizations that are making money off of ransomware.
"We’ve got to get all these entities on board to say okay, we know that these funds are illicit funds, we know that they are going into that wallet," he said.