Steve Arlin, VP Sales, UK, Americas & APAC, ProLion, discusses cracking down on crypto addresses.
In September, the US Treasury announced sanctions on SUEX, a crypto exchange that it asserts has facilitated ransomware transactions totalling USD$13 million. It believes around 40 per cent of SUEX’s transactions are linked to illicit actors, and that the company has aided the laundering of funds from more than eight ransomware variants. The newly announced sanctions block US citizens and companies from transacting on the exchange.
According to a January 2021 report from blockchain analysis firm Chainalysis, in 2020 ransomware gangs received at least USD$350 million in ransom payments, which is a 311 per cent increase on the previous year.
Cracking down on crypto exchanges that allow these transactions is an essential part of reducing the ransomware threat. However, without further action it will only make future payments less secure rather than stopping them entirely – especially at a time when, according to a report from Kaspersky, over half of ransomware victims resort to paying the ransom.
Efforts to curtail the continuous onslaught of ransomware attacks should actually focus on prevention rather than payment. As the frequency and severity of ransomware attacks show no sign of easing, sanctioning cryptocurrency exchanges will do little to address the growing problem.
Targeting the wrong part of the problem
A successful ransomware attack in its simplest form can be split into two parts: a security breach followed by a payment. Addressing the second part of this process is somewhat misguided. In the same way that it’s impossible to stop ransomware attacks from occurring, it is essentially impossible to stop payment completely. Attackers will always find a way that makes it possible for them to collect a ransom.
Instead, organisations should take action to limit the damage that attacks can have before payment is even considered. This approach tackles both parts of the problem at the same time. It also means businesses and legislators need to be proactive rather than reactive in their approach and focus on actively monitoring their network to counter opportunistic threats before they inflict too much damage.
The payment debate
In 2021, there has been regular debate on how best to tackle the growing ransomware problem. While paying ransoms has been rightfully discouraged, it’s also nearly impossible to stop it happening. Ransomware groups will always find a way to collect their ransom, whether it’s through a cryptocurrency exchange or via a less secure method.
While these sanctions are a positive step from government, merely disrupting the work of cyber criminals isn’t enough to have a lasting impact. Rather than further criminalising the payment process, these sanctions should be followed by action to incentivise and promote the implementation of better cybersecurity practices across industries.
Instead, it is important to focus on the elements of ransomware that can be controlled, such as the risk that faces organisations. By investing in the right technology and encouraging good cyber security habits, businesses reduce the likelihood of an attack and the damage that it may cause.
Simply shutting down one of the many available payment routes will ultimately not stop a ransomware victim’s data from being stolen or erased, their systems being shut down or their business’s reputation being shattered. Even if payment is stopped, there are no guarantees that attackers won’t try again and certainly no guarantee that your data won’t be erased regardless.
So, what is the solution?
Although most organisations have endpoint cyber security, ransomware and malware can still slip through. Even the best anti-virus protection isn’t always able to track internal threats and compromised employees. The focus of action from government needs to be on prevention of the damage an attack can cause by encouraging the implementation of better security measures.
Implementing proactive ransomware solutions that protect Central Storage Systems, whether in the local data centre, NAS or in the Cloud, allows the possibility of dealing with an attack long before it becomes a transaction on a crypto exchange.
The best course of action is to bolster your network’s defences with several layers of protection and with multiple mitigations at each layer. This gives the intended target multiple opportunities to detect attacks and stop them before they can inflict harmful and long-lasting damage.