Under the newly adopted law, critical infrastructure companies will have to report ransom payments made to ransomware operators within 24 hours, which is expected to improve the detection and investigation of such crimes.
In 2020, ransomware extorted more than $690 million. Complete data for 2021 has not yet been compiled, but the 2021 total is expected to exceed the 2020 figure. This year, amid rising geopolitical risk, ransomware activity has grown further, and ransomware is being used not only for financial gain but also as a tool of geopolitical pressure.
A new law recently passed by US lawmakers should help combat this. The law, known as the Peters Bill, requires critical infrastructure companies to report major cyberattacks within 72 hours and any ransomware payment within 24 hours.
The bill matters because blockchain transaction analysis is increasingly used to track ransomware payments, and it has proven effective. A prominent example is last year's Colonial Pipeline case: the company paid the extortionists, and the US Department of Justice later recovered part of the ransom, about $2.3 million.
Building on that success requires as much data as possible, received as early as possible. Ransomware operators typically demand payment in cryptocurrency, mainly bitcoin, and the sooner authorities learn the attackers' addresses, the faster they can act, for instance by flagging those addresses before the funds are moved on or cashed out.
This is exactly where the new law should help: until now, only a small share of the companies hit by ransomware reported it to government authorities.
“The bill is very useful,” says Roman Bieda, head of fraud investigations at Coinfirm. “The ability to quickly ‘mark’ stolen coins, attacker addresses, or fraudulent funds transfer transactions as ‘risk’ will allow all users to detect the risks of certain coins even before they are further transferred and used.”
“This will certainly help in the analysis of blockchain forensics,” says Allan Liska, Senior Intelligence Analyst at Recorded Future. “Despite the fact that ransomware operators constantly change their wallet addresses with each attack, ultimately all transactions lead to one account. Blockchain analysts have become very good at tracking the entire chain of transactions down to the last link. The attackers’ attempts to obfuscate their tracks and their use of various tactics to avoid surveillance did not help them in the end.”
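The tracing Liska describes (per-attack wallets that eventually converge on one account) and the risk-marking Bieda mentions, as an added illustration that is not part of the article and not code from Coinfirm, Recorded Future or Columbia: a forward breadth-first trace over a constructed toy ledger. The transactions, address names, the `SEEDS` set and all function names are assumptions made for the example; every input address of a transaction is treated as flowing to every output address of that transaction.

```python
from collections import defaultdict, deque

# Constructed toy ledger (not real chain data). Each transaction spends from
# its input addresses and pays its output addresses. Three victims pay three
# different ransom addresses; the funds hop through intermediaries and
# converge on a single cash-out address. t9 is unrelated background traffic.
SAMPLE_TXS = [
    {"txid": "t1", "inputs": ["victimA"], "outputs": ["ransom1"]},
    {"txid": "t2", "inputs": ["victimB"], "outputs": ["ransom2"]},
    {"txid": "t3", "inputs": ["victimC"], "outputs": ["ransom3"]},
    {"txid": "t4", "inputs": ["ransom1"], "outputs": ["hop1", "change1"]},
    {"txid": "t5", "inputs": ["ransom2"], "outputs": ["hop2"]},
    {"txid": "t6", "inputs": ["hop1", "hop2"], "outputs": ["cashout"]},
    {"txid": "t7", "inputs": ["ransom3"], "outputs": ["hop3"]},
    {"txid": "t8", "inputs": ["hop3"], "outputs": ["cashout"]},
    {"txid": "t9", "inputs": ["shop"], "outputs": ["customer"]},
]

# Seed set (assumed): ransom addresses taken from the notes of three incidents.
SEEDS = {"ransom1", "ransom2", "ransom3"}


def build_graph(txs):
    """Address-level flow graph: an edge from every input address of a
    transaction to every output address of the same transaction."""
    succ = defaultdict(set)
    for tx in txs:
        for src in tx["inputs"]:
            succ[src].update(tx["outputs"])
    return succ


def trace_forward(txs, seeds, max_hops=None):
    """Breadth-first trace from each seed along the flow graph.

    Returns (reached_by, hops): reached_by maps an address to the set of
    seeds whose funds can reach it; hops maps (seed, address) to the number
    of transactions between them. max_hops bounds the search depth."""
    succ = build_graph(txs)
    reached_by = defaultdict(set)
    hops = {}
    for seed in seeds:
        queue = deque([(seed, 0)])
        seen = {seed}
        while queue:
            addr, depth = queue.popleft()
            reached_by[addr].add(seed)
            hops[(seed, addr)] = depth
            if max_hops is not None and depth >= max_hops:
                continue
            for nxt in succ.get(addr, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, depth + 1))
    return dict(reached_by), hops


def consolidation_points(reached_by, min_seeds=2):
    """Addresses where funds from at least min_seeds different seeds meet:
    the 'one account' that separate per-attack wallets ultimately lead to."""
    return sorted(a for a, s in reached_by.items() if len(s) >= min_seeds)


def risk_label(reached_by, seeds, addr):
    """Label an address the way a risk feed would: 'seed' for a known ransom
    address, 'downstream' for anything its funds have touched, else 'clean'."""
    if addr in seeds:
        return "seed"
    if addr in reached_by:
        return "downstream"
    return "clean"


if __name__ == "__main__":
    reached_by, hops = trace_forward(SAMPLE_TXS, SEEDS)
    print("consolidation:", consolidation_points(reached_by))
    for a in ("ransom1", "hop1", "cashout", "customer"):
        print(a, risk_label(reached_by, SEEDS, a))
```

The trace finds `cashout` as the only address reached from all three seeds. Two caveats a practitioner would add before using this on a real chain: the graph ignores amounts, so a dust output or a change output going back to the sender is tainted as heavily as the main payment, and a transaction with many unrelated inputs (a CoinJoin or a mixer batch) taints every output, which is exactly the combinatorial problem Dalal raises later in the article.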
Siddhartha Dalal, Professor of Professional Practice at Columbia University, agrees. Last year Dalal co-authored a paper titled “Identifying Ransomware Actors in the Bitcoin Network,” which describes how he and his fellow researchers detect ransomware actors with an accuracy of up to 85% using graph-based machine learning and blockchain analysis.
Although that figure is already high, the authors believe they can push it higher by refining their algorithms and by obtaining more reliable labeled data.
The main obstacle is that the data they work with is heavily imbalanced and skewed. The Columbia researchers analyzed 400 million transactions and 40 million wallet addresses, but could positively identify only 143 addresses as belonging to ransomware actors. In other words, ordinary, non-fraudulent transactions overwhelmingly dominate the dataset. Trained on such a sample, a model risks either flagging legitimate transactions as fraudulent (false positives) or missing fraudulent ones (false negatives).
Bieda of Coinfirm illustrated the problem with an analogy:
“Let’s say you want to build a model that will extract dog photos from many cat photos, but you have a training dataset with 1000 cat photos and only one dog photo. The machine learning model would learn that all photos can be considered as photos of cats, since the margin of error is only 0.001.”
In other words, the model would always answer “cat”, which is useless despite its high accuracy score.
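Bieda's analogy in numbers, and the false-positive/false-negative trade-off described for the Columbia dataset, as an added example that is not part of the article and not code from Coinfirm or the Columbia paper. The labels (1000 benign addresses and one ransomware address) and the output of the hypothetical detector are constructed for the example; the point is that accuracy rewards the majority-class model while precision, recall and balanced accuracy expose it.

```python
from collections import Counter

# Constructed labels (not from any real dataset): 1000 benign addresses (0)
# and a single ransomware address (1), the same 1000:1 ratio as the analogy.
Y_TRUE = [0] * 1000 + [1]

# Constructed output of a hypothetical detector: it catches the one ransomware
# address but also flags two benign ones (positions 998 and 999).
Y_DETECTOR = [0] * 998 + [1, 1] + [1]


def majority_baseline(y_true):
    """The model Bieda describes: always predict the most common class."""
    majority = Counter(y_true).most_common(1)[0][0]
    return [majority] * len(y_true)


def confusion(y_true, y_pred):
    """Confusion counts with 1 = ransomware, 0 = benign."""
    c = Counter(zip(y_true, y_pred))
    return {"tp": c[(1, 1)], "fp": c[(0, 1)], "fn": c[(1, 0)], "tn": c[(0, 0)]}


def metrics(y_true, y_pred):
    """Accuracy, precision, recall and balanced accuracy. Guards against
    division by zero when a class or a prediction never occurs."""
    m = confusion(y_true, y_pred)
    positives = m["tp"] + m["fn"]
    negatives = m["tn"] + m["fp"]
    flagged = m["tp"] + m["fp"]
    recall = m["tp"] / positives if positives else 0.0
    specificity = m["tn"] / negatives if negatives else 0.0
    return {
        "accuracy": (m["tp"] + m["tn"]) / len(y_true),
        "precision": m["tp"] / flagged if flagged else 0.0,
        "recall": recall,
        "balanced_accuracy": (recall + specificity) / 2,
    }


def compare(y_true, y_pred):
    """Score the majority-class baseline and a detector on the same labels."""
    return {
        "baseline": metrics(y_true, majority_baseline(y_true)),
        "detector": metrics(y_true, y_pred),
    }


if __name__ == "__main__":
    for name, m in compare(Y_TRUE, Y_DETECTOR).items():
        print(name, {k: round(v, 4) for k, v in m.items()})
```

The baseline scores 99.9% accuracy with zero recall and a balanced accuracy of 0.5, i.e. no better than a coin flip; the detector has slightly lower accuracy but recall of 1.0 and balanced accuracy of 0.999. With 143 positives among 40 million addresses the ratio is far worse than 1000:1, which is why evaluation on such data has to be reported in terms of precision and recall rather than raw accuracy.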
Will the new law increase the amount of data on “fraudulent” bitcoin and crypto addresses needed for high-quality analysis?
Dalal is confident it will: the more data, the better the analysis. He also stresses that it matters that information about transactions will be available within the first 24 hours after they are made. This would allow investigators to identify the servers the attack came from, recognize the attack methods used, and warn other potential victims so they can prepare, since attackers often reuse the same methods and software tools.
Law enforcement experience
Law enforcement agencies are already engaged in blockchain analysis when criminals use cryptocurrency to fund their activities. “We can, using blockchain analysis, expose their entire supply chain,” says Kimberly Grauer, director of research at Chainalysis. “We can see where they buy their bulletproof hosting, where they get their malware, their branch office in Canada, and so on.” “We get a lot of information about these groups through blockchain analysis,” she adds.
Will the law actually help, given that implementing it will take months? “Yes, it certainly will,” says Salman Banai, co-head of public policy at Chainalysis. “We’ve always talked about it. I don’t know exactly how much more efficient we will be in our analysis, but we expect it to become more efficient.”
Details of how the law will be applied still have to be finalized before it takes effect. One important question is which companies will have to comply. “It’s important to remember that the bill only applies to ‘organizations that own or operate critical infrastructure,’” Liska says. Although this definition covers tens of thousands of organizations across 16 sectors, that is still only a small subset of the companies operating in the United States.
On the other hand, since the sectors listed in the law include financial services, IT, energy, healthcare, transportation, manufacturing and commercial facilities, a very large share of the economy falls within its scope.
Another question is whether every attack must be reported, even ones considered routine. The Cybersecurity and Infrastructure Security Agency (CISA), to which companies will report, recently indicated that even minor incidents could be reportable. “Because of the looming risk of cyberattacks from Russia, any incident could provide important clues leading to a sophisticated attacker,” writes the New York Times.
Is rising geopolitical tension accelerating the adoption of preventive measures? US President Joe Biden has warned that the likelihood of cyberattacks by the Russian government is high, though so far that concern has not materialized.
According to Chainalysis, in 2021 almost three-quarters of all ransomware revenue went to groups linked to Russia, so an increase in activity from there cannot be ruled out.
The law will only be effective as part of an integrated approach
The machine learning algorithms that detect and track ransomware actors collecting payments over a blockchain (and nearly all ransomware is paid in cryptocurrency) will no doubt improve now, Bieda said. But machine learning is just “one of the factors supporting blockchain analysis, not a stand-alone solution.” There is still a strong need for “wide industry collaboration between law enforcement, blockchain investigation companies, virtual asset service providers and, of course, victims of blockchain fraud.”
Dalal adds that many technical challenges remain, mainly because of the pseudonymous nature of public blockchains:
“Most public blockchains do not require any identification of an individual, and users can create as many addresses as they want. Transactions become even more complicated as there are tumblers and other mixing services that can mix stolen money with many others. This increases the combinatorial difficulty of identifying criminals hiding behind multiple addresses.”
Investigations will become more effective
Still, things seem to be moving in the right direction. “I think we’ve made a lot of progress as an industry,” adds Liska, “and we’ve done it relatively quickly.” A number of companies are doing pioneering work in this area, and the US Treasury Department and other government agencies are also beginning to see the value of blockchain analysis.
“On the other hand, while blockchain analysis is clearly moving forward, there is so much money now being made from ransomware and cryptocurrency theft that even the impact of this work pales in comparison to the overall problem,” adds Liska.
While Bieda sees progress, getting firms to report blockchain scams will still be challenging, especially outside of the US. “Over the past two years, over 11,000 blockchain scam victims have reached Coinfirm through our Reclaim Crypto website,” he says. “One of the questions we ask them is, ‘Have you reported the theft to law enforcement?’ — and many victims do not go to law enforcement.”
Dalal says the government mandate is an important step in the right direction: “This will certainly be a game changer as attackers will not be able to repeat their methods and will have to constantly change them in order to attack multiple targets. It will also help potential victims better protect themselves.”