In a recent letter to the Department of Justice (DoJ), the Department of the Treasury (Treasury), the Department of State (State Department), and the Department of Homeland Security (DHS) lawmakers urge the agencies to pursue all options available to protect American communities and infrastructure from the growing threat of ransomware. They emphasized the need for stronger coordination between departments, primarily to address the role of cryptocurrency in ransomware attacks.
The proliferation of cryptocurrency facilitated ransomware attacks, largely by offering easy, fast, and hard to trace methods for laundering illicit gains.
“We believe that increasing enforcement of existing money laundering and financial crimes statutes would play an important role in deterring ransomware attacks and facilitating the recovery of cryptocurrency paid to ransomware attackers,” the letter, signed by Sens. Edward Markey, D-Mass. and Sheldon Whitehouse, D-R.I., and Reps. Ted Lieu, D-Calif., and Jim Langevin, D-R.I., stated.
However, lawmakers recognized the practical and technological challenges involved in efforts to seize cryptocurrency ransoms. They asked agencies, “what resources or authorities, if any, do your agencies need from Congress [to] better coordinate with partner nations on illicit activity facilitated through cryptocurrency exchanges or to seize ill-gotten virtual assets?”
To aid this effort, Senators Maggie Hassan, D-N.H. and Joni Ernst, R-Iowa, introduced bipartisan legislation that would mandate the Treasury and other Federal entities to review the use and mining of cryptocurrencies globally and submit a detailed report on the issue to multiple congressional committees. This report will need to address current aspects of the cryptocurrency market that allow for criminal usages, such as cyberattacks.
Additionally, lawmakers pointed out that about 70 to 75 percent of cyberattacks go unreported. Various bills in Congress are attempting to require entities to report cybersecurity incidents to DHS.
Sen. Elizabeth Warren, D-Mass., and Rep. Deborah Ross, D-N.C., introduced a bicameral bill last week that would require ransomware victims to report to the government when they have paid a ransom, intending to bolster the flow of critical cybersecurity data. And the Senate Homeland Security and Governmental Affairs Committee approved a bill requiring entities to report ransomware payments within 24 hours, excluding small businesses.
In the letter, lawmakers also praised recent actions agencies have taken to crack down on perpetrators of ransomware attacks who use cryptocurrency exchanges to cover their tracks.
“It is reassuring that, despite the technical and diplomatic challenges posed by ransomware attacks, your departments have recognized the urgency of protecting our communities and infrastructure from ransomware attacks,” the letter stated.