Two US senators called for stricter cryptocurrency regulation after a flood of ransomware attacks that plagued the country in the past months.
Democratic Senator Mark Warner of Virginia, chair of the Senate Intelligence Committee, told NBC Meet the Press on Sunday that regulators need to scrutinize the cryptocurrency loopholes that help criminals carry 0ut cyberattacks.
“There was some good things coming out of distributed ledger technology, but we are seeing now some of the dark underbelly,” Warner said. “If a company is paying, if there’s not some transparency of that payment, the bad guys will simply find another way to hide it.”
The senator said while there has been some progress when it comes to bipartisan legislation, the debate about cryptocurrencies and ransomware is “just starting.”
Republican Senator Roy Blunt of Missouri, also a member of the Intelligence Committee, said regulators need to demand more transparency when it comes to attacks like these to protect the American financial system.
“Nobody wanted to report that they had been hacked. That was a fight we’ve been having now for almost a decade,” he told NBC Meet the Press. But “the only way you can begin to get on top of this is to know how pervasive the problem is.”
He continued: “We have a lot of cash requirements in our country, but we haven’t figured out in the country or in the world how to trace cryptocurrency.”
“There ought to be more transparency if a company does pay, so we can go after the bad guys,” Warner said. “Right now what’s happening around ransomware, not only are the companies often not reporting that they are attacked, but they’re not reporting the ransomware payments.”
US Treasury secretary Janet Yellen has been critical of cryptocurrencies in the past, calling out their misuse, which she described in February as “a growing problem.”
“I see the promise of these new technologies,” the former Federal Reserve chief said. “But I also see the reality: cryptocurrencies have been used to launder the profits of online drug traffickers; they’ve been a tool to finance terrorism.”
The US government is exploring ways to trace cryptocurrency payments made to culprits of ransomware attacks on private businesses and local governments, according to a report from The Wall Street Journal.
Cryptocurrencies like bitcoin have been the favored payment method of hackers that encrypt important files of businesses and hold that data ransom until they are paid. The anonymous nature of bitcoin makes the cryptocurrency ideal payment as hackers work to evade law enforcement.
In a Wednesday letter to business leaders, Deputy National Security Adviser Anne Neuberger said US officials are working with international partners on developing consistent policies for when to pay ransoms and how to trace them, according to the report.
While the US government strongly discourages businesses from paying the ransom demands, many businesses have no choice as the encrypted data is essential to keep operations running. The hackers honor the terms of their ransom, as they want to build credibility that paying the fee will in fact get their data back.
But ransomware experts are skeptical that bitcoin payment restrictions and tighter regulations will ultimately solve the problem, as the criminals would likely switch to another less-regulated currency that can evade governments, the report said.
More than 1,000 gas stations in eastern US states ran out of gasoline after a cyberattack knocked out a crucial US pipeline which supplies much of the region’s gasoline.
Price rises and panic-buying followed the news, which led to widespread shortages as operators struggled to move fuel supplies without the out-of-action Colonial Pipeline.
According to the app GasBuddy, as of late Wednesday the worst-hit states were North Carolina, where 16% of stations were out of gas, Georgia, where 10.4% were empty, and Virginia, where 10.2% had run out.
The figures were an increase on those released only 5 hours previously, with the percentage of gas stations that were empty in North Carolina increasing by 2% in North Carolina and about 1% in Georgia and Virginia respectively.
“My kids didn’t have any snow days this year because they had school from home,” Miller told Insider. “They had ransomware days.”
There are two major types of cyberattacks, according to Miller: attacks like the one on US information technology firm SolarWinds, which US intelligence agencies say Russia was behind, that seek some kind of geopolitical advantage. Then there is smaller-scale ransomware, where – normally private actors that may or may not work with tacit government permission – go after companies and other institutions and then extort them to ease up on the attack.
The DarkSide attack against the Colonial Pipeline was a ransomware attack. The hacking group shut down a major pipeline that runs from Texas to New York, demanding money in order to restore its service in what Miller said was an example of how cyberattacks are increasingly affecting the “real world.”
Ransomware gangs also go after hospitals, as in the 2017 Wannacry hack that shut down parts of Britain’s National Health Service.
The hackers typically want to cause as much pain as possible so that they can get paid quickly, Miller said, making critical infrastructure an appealing target.
“When they can have a direct impact on their business – like shutting down a pipeline or impact to some facility – it does ring a chord with the victims and how they respond to that,” Miller said.
Miller said cyberattacks are so commonly directed at US companies because they’re wealthy enough to pay off ransomware attackers. Ransomware hacking groups view themselves as businesses, he said, and target companies and institutions in countries where they’re likely to make money: The United States, Britain, and Germany.
“The industry in the US would be more likely to pay an extortion of a couple of hundred thousand dollars or whatever,” Miller said. “Not to say that they should, or do – but they’re perceived that way, compared to firms in South America or Africa where that would literally, in many cases, put these firms out of business.”