DOJ Sees Crypto Seizures as a Priority in Anti-Ransomware Push
Crackdown could face hurdles if more hackers use privacy enhanced cryptocurrency
The Justice Department is increasingly trying to claw back ransomware payments made by hacked companies and is training cryptocurrency experts who can track funds across sometimes sprawling overseas criminal networks.
Ramping up seizures is a key prong of the U.S. strategy to slow a spate of ransomware attacks that the White House has labeled a top national-security threat, said Leo Tsao, principal deputy chief of the Justice Department’s money laundering and asset recovery section. The focus on retrieving payouts comes alongside the Biden administration’s push to shore up firms’ defenses, disable hackers’ tools and pressure foreign governments to crack down on criminals.
“One of the priorities of the department, in addition to prosecuting individuals carrying out these crimes, is to [get to] where we can seize and recover any proceeds that the criminals may earn from ransomware attacks or other cryptocurrency crimes,” Mr. Tsao said Tuesday at The Wall Street Journal’s Risk & Compliance Forum.
He didn’t offer details on whether federal officials would focus on ransoms paid by particular firms, such as critical infrastructure owners, or sums that reached certain dollar thresholds. The Justice Department didn’t immediately respond to a request for comment.
The Biden administration in June said it would expand efforts to track such transactions after ransomware gangs targeted a U.S. pipeline operator and a meat processor, disrupting their operations and extracting multimillion-dollar ransom payments. The White House’s emerging strategy in response spans law-enforcement and regulatory agencies.
The Treasury Department last month sanctioned a Russian-owned cryptocurrency exchange for allegedly aiding hackers to launder ransomware payments, a first-of-its-kind move that cybersecurity experts say could preview additional international restrictions. Last week, the Justice Department said it is creating a crypto unit to zero in on exchanges and “mixer” services that hacking groups use to move funds between various cryptocurrency addresses in ways intended to conceal the transactions from authorities.
That National Cryptocurrency Enforcement Team will also conduct training and support other law enforcement agencies’ ransomware cases, Mr. Tsao said Tuesday.
“We have had to do a lot of educating within the department,” he said of the DOJ.
Mr. Tsao pointed to the May attack on Colonial Pipeline Co. as an example of how federal officials are adapting to trace and seize money in such extortion schemes. In June, the Federal Bureau of Investigation snagged $2.3 million of bitcoins paid by Colonial during the attack that disrupted the East Coast’s largest conduit for fuel for six days.
Investigators can follow crypto transactions across a public ledger known as a blockchain, giving them a bird’s-eye view of money changing hands in a fast-growing ransomware economy.
The gangs behind attacks, which often operate with relative impunity in Russian-speaking countries, extorted businesses for at least $350 million in cryptocurrency last year, according to blockchain analytics firm Chainalysis. Cybersecurity experts say the total sum is likely much higher because some victim companies don’t report incidents.
While authorities are expanding their ability to track digital currencies, ransomware groups are similarly adapting their money-laundering strategies, Mr. Tsao said. That includes using overseas exchanges outside the reach of U.S. officials and cryptocurrencies designed to obscure transactions and better shield owners’ anonymity.
“Cryptocurrency presents additional challenges above and beyond fiat currency,” he said.
The government says combating cybercrime, including ransomware, requires a coordinated approach, including by other governments and the private sector.
“Simply prosecuting your way out of this problem is not a solution,” Mr. Tsao said, adding that working with companies will be an important part of the response, particularly in the cryptocurrency sphere.
The U.S. plans a 30-nation summit this month to discuss international cooperation in combating cybercrime.
Mr. Tsao was also asked if the Justice Department would look into the Pandora Papers recently released by the International Consortium of Investigative Journalists, which linked a number of politicians, public officials and celebrities to offshore tax havens, with some tied to financial crimes like money laundering.
Mr. Tsao said he was aware of the Pandora Papers, “but beyond that, there’s not really much more I can say about this topic.”
The Justice Department has historically prioritized combating international corruption and international money laundering, he said.
“I’ve spent a large part of my career as an anticorruption and anti-money-laundering prosecutor,” he added. “I have no doubt that foreign officials and foreign actors are using cryptocurrency to help launder funds, especially the proceeds of corruption, and we’ll continue to prioritize that at the department.”
Ramping up seizures is a key prong of the U.S. strategy to slow a spate of ransomware attacks that the White House has labeled a top national-security threat, said Leo Tsao, principal deputy chief of the Justice Department’s money laundering and asset recovery section. The focus on retrieving payouts comes alongside the Biden administration’s push to shore up firms’ defenses, disable hackers’ tools and pressure foreign governments to crack down on criminals.
“One of the priorities of the department, in addition to prosecuting individuals carrying out these crimes, is to [get to] where we can seize and recover any proceeds that the criminals may earn from ransomware attacks or other cryptocurrency crimes,” Mr. Tsao said Tuesday at The Wall Street Journal’s Risk & Compliance Forum.
He didn’t offer details on whether federal officials would focus on ransoms paid by particular firms, such as critical infrastructure owners, or sums that reached certain dollar thresholds. The Justice Department didn’t immediately respond to a request for comment.
The Biden administration in June said it would expand efforts to track such transactions after ransomware gangs targeted a U.S. pipeline operator and a meat processor, disrupting their operations and extracting multimillion-dollar ransom payments. The White House’s emerging strategy in response spans law-enforcement and regulatory agencies.
The Treasury Department last month sanctioned a Russian-owned cryptocurrency exchange for allegedly aiding hackers to launder ransomware payments, a first-of-its-kind move that cybersecurity experts say could preview additional international restrictions. Last week, the Justice Department said it is creating a crypto unit to zero in on exchanges and “mixer” services that hacking groups use to move funds between various cryptocurrency addresses in ways intended to conceal the transactions from authorities.
That National Cryptocurrency Enforcement Team will also conduct training and support other law enforcement agencies’ ransomware cases, Mr. Tsao said Tuesday.
“We have had to do a lot of educating within the department,” he said of the DOJ.
Mr. Tsao pointed to the May attack on Colonial Pipeline Co. as an example of how federal officials are adapting to trace and seize money in such extortion schemes. In June, the Federal Bureau of Investigation snagged $2.3 million of bitcoins paid by Colonial during the attack that disrupted the East Coast’s largest conduit for fuel for six days.
Investigators can follow crypto transactions across a public ledger known as a blockchain, giving them a bird’s-eye view of money changing hands in a fast-growing ransomware economy.
The gangs behind attacks, which often operate with relative impunity in Russian-speaking countries, extorted businesses for at least $350 million in cryptocurrency last year, according to blockchain analytics firm Chainalysis. Cybersecurity experts say the total sum is likely much higher because some victim companies don’t report incidents.
While authorities are expanding their ability to track digital currencies, ransomware groups are similarly adapting their money-laundering strategies, Mr. Tsao said. That includes using overseas exchanges outside the reach of U.S. officials and cryptocurrencies designed to obscure transactions and better shield owners’ anonymity.
“Cryptocurrency presents additional challenges above and beyond fiat currency,” he said.
The government says combating cybercrime, including ransomware, requires a coordinated approach, including by other governments and the private sector.
“Simply prosecuting your way out of this problem is not a solution,” Mr. Tsao said, adding that working with companies will be an important part of the response, particularly in the cryptocurrency sphere.
The U.S. plans a 30-nation summit this month to discuss international cooperation in combating cybercrime.
Mr. Tsao was also asked if the Justice Department would look into the Pandora Papers recently released by the International Consortium of Investigative Journalists, which linked a number of politicians, public officials and celebrities to offshore tax havens, with some tied to financial crimes like money laundering.
Mr. Tsao said he was aware of the Pandora Papers, “but beyond that, there’s not really much more I can say about this topic.”
The Justice Department has historically prioritized combating international corruption and international money laundering, he said.
“I’ve spent a large part of my career as an anticorruption and anti-money-laundering prosecutor,” he added. “I have no doubt that foreign officials and foreign actors are using cryptocurrency to help launder funds, especially the proceeds of corruption, and we’ll continue to prioritize that at the department.”
