The White House is taking additional steps to encourage ransomware victims to alert the federal government, just as the hackers behind those attacks are threatening victims from doing so.
The moves mark an escalation between the Biden administration, which has vowed to crack down on criminal hackers who try to extort Americans, and ransomware gangs, which have proven resilient to efforts to stop them.
The Treasury Department on Tuesday warned victims of ransomware attacks that paying off hackers may violate U.S. sanctions. All victims should alert the department before paying off such hackers, the warning said, in order to ensure they’re not criminally violating U.S. sanctions in doing so.
Ransomware victims often struggle with whether to pay their attackers, most of whom threaten to keep their files inaccessible and to release them to the public if not paid.
The White House encourages all American ransomware victims to alert the FBI and the Cybersecurity and Infrastructure Security Agency, both because they may be able to help mitigate the problem, and also to better track the hackers. But the choice of whether to pay or to alert federal authorities is up to the victim.
Meanwhile, at least three prominent ransomware gangs have recently begun explicitly warning their victims that they will publish their files immediately if they contact the government, said Allan Liska, an analyst at the cybersecurity firm Recorded Future.
All major ransomware gangs demand payment in cryptocurrencies like bitcoin, which rely on online exchanges to convert digital money to cash. The Treasury Department also announced Tuesday that it had sanctioned a single cryptocurrency exchange, the Czech Republic-based Suex, for allegedly helping at least eight ransomware gangs launder their extorted money. Suex didn’t immediately respond to a request for comment.
Michael Phillips, a co-chair of the Ransomware Task Force, a cybersecurity industry partnership to fight ransomware, said that interfering with how ransomware hackers take money is a vital component to slowing them down.
“Following the money is an age-old tactic for law enforcement, and it makes a lot of sense for cryptocurrency,” he said.
Hackers' recent warnings to victims to not alert the U.S. government is a sign of weakness, Phillips said.
“It reeks of desperation,” he said. “I think they know they’re on the back foot, that they’re under increased pressure, and they understand there are tools being arrayed against them."