- A task force on ransomware has called for more aggressive tracking of cryptocurrencies
- The Ransomware Task Force today reported on what can be done about cryptocurrency-led ransomware
- The task force commissioner said that “a lot more that can be done to constrain the abuse” of cryptocurrencies
A panel investigating the growing threat of ransomware has called for more aggressive tracking of cryptocurrencies in response to the increased threat of ransomware on companies and public services. The report by the Ransomware Task Force, released today, calls for a broad set of recommendations to help address what it calls a ransomware epidemic, including introducing technical and legal means for disrupting such operations and the payment infrastructure that underpins them.
Victims Encouraged to Offers Hacker Payment Details
The Ransomware Task Force was made up of technical experts, policy makers, officials from the FBI and United States Secret Service, and international law enforcement agencies, with their report due to be presented to world leaders later. The task force, which was sponsored by the Institute for Security and Technology, noted that the recommendations in the report only represented the first step in the fight against ransomware and that “the real challenge is in implementation.”
The task force noted that cryptocurrencies were almost always the payment medium of choice, with Bitcoin and Ethereum the most commonly used. The report suggests that victims be encouraged to anonymously disclose payment details to law enforcement before they are made, allowing the trail to be better followed once the payment goes through:
Updating breach disclosure laws to include a ransom payment disclosure requirement would help increase the understanding of the scope and scale of the crime, allow for better estimates of the societal impact of these payments, and enable better targeting of disruption activities. Further, requiring ransomware victims to report details about the incident prior to paying the ransom would enable national governments to take actions such as issuing a freeze letter to cryptocurrency exchanges.
Ransomware Threat Worsening Daily
The task force added that that ransomware threat “continues to worsen daily” but that the scale of the problem is not publicly realized because many companies prefer not to publicize such hacks in order to avoid impairing their image. Equally, the situation has been muddied by suggestions that ransomware insurance payouts might be illegal.
Philip Reiner, chief executive of the Institute for Security and Technology, told Reuters that, “There’s a lot more that can be done to constrain the abuse of these pretty amazing technologies,” suggesting that greater scrutiny of cryptocurrencies could be imminent.