Skip to content

Illustration by Security Management

U.S. Creates Cryptocurrency Enforcement Team to Crack Down on Ransomware Payments

The U.S. Department of Justice is launching an initiative to address the use of cryptocurrency to facilitate criminal activity, including ransomware.

U.S. Deputy Attorney General Lisa Monaco announced the National Cryptocurrency Enforcement Team (NCET) in an appearance at the Aspen Cyber Summit this week. In her remarks, Monaco said that criminals who conduct ransomware campaigns are getting paid through cryptocurrency exchanges.

“You can’t disaggregate the challenge here. They come hand in glove,” Monaco explained. “We can go at both, and that’s why we’re making sure we’re targeting the ecosystem that supports and fuels the ransomware activity. That means the cryptocurrency exchanges. That means the infrastructure. We want to make sure we’re going after the entire supply chain here.”

The NCET will handle investigations and prosecutions of criminal misuses of cryptocurrency, as well as assist in tracing and recovering cryptocurrency payments to ransomware groups as part of its efforts to recover assets lost to fraud and extortion.

“Because cryptocurrency is used in a wide variety of criminal activity, from being the primary demand mechanism for ransomware payments to money laundering and the operation of illegal or unregistered money services businesses to being the preferred means of exchange of value on ‘dark markets’ for illegal drugs, weapons, malware, and other hacking tools, the NCET will foster the development of expertise in cryptocurrency and blockchain technologies across all aspects of the department’s work,” according to a U.S. Department of Justice (DOJ) press release. 

The DOJ is looking for a leader to manage the NCET, seeking someone with experience in criminal investigations and prosecutions, along with the technology that supports cryptocurrencies and the blockchain.

The use of cryptocurrency to pay threat actors who conduct ransomware campaigns has come under increased scrutiny as attacks continue to rise, including high-profile incidents like the Colonial Pipeline ransomware attack, and victims continue to pay ransoms. In 2020, ransomware payments totaled more than $400 million—four times the amount in 2019—according to Reuters.

U.S. lawmakers have also urged the Biden administration to do more to disrupt the infrastructure that enables criminals to conduct successful ransomware operations.

In a statement released Friday, U.S. Senators Edward Markey (D-MA) and Sheldon Whitehouse (D-RI) and U.S. Representatives Ted Lieu (D-CA) and Jim Langevin (D-RI) said they had sent letters to the Departments of Justice, Treasury, State, and Homeland Security, asking them to pursue all options to protect American infrastructure from ransomware attacks.

“We believe that increasing enforcement of existing money laundering and financial crimes statutes would play an important role in deterring ransomware attacks and facilitating the recovery of cryptocurrency paid to ransomware attackers,” the lawmakers wrote.

The U.S. Treasury Department issued its first sanctions in September 2021 against a virtual currency exchange, SUEX, for facilitating financial transactions for ransomware actors. 

“Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity,” according to a Treasury Department press release. “Treasury will continue to disrupt and hold accountable these entities to reduce the incentive for cybercriminals to continue to conduct these attacks.”

Enforcing existing securities law and taking action against cryptocurrency exchanges that violate it will help give people confidence in the financial systems they are using and allow the exchanges to meet their goal of becoming the banking system of the future, Monaco said.

“Cryptocurrency, blockchain technology, these are lawful tools and they have good uses,” Monaco added. “The challenge is how to deal with the extra anonymity those tools provide to criminal actors.”