Ransomware, Cryptocurrency

Raise the cost of cybercrime to defend against the delta variant of ransomware

September 9, 2021
The Bitcoin 2021 Convention in Miami this past June. Today’s columnist, Salvatore Stolfo of Allure Security, argues that as part of a strategy to mitigate ransomware, governments around the world have to start taxing cryptocurrency assets. (Photo by Joe Raedle/Getty Images)
  • Make it more difficult to use cryptocurrencies. Until cryptocurrencies are accepted by all major retailers, crypto exchanges are necessary to convert to real currencies. The bad guys can’t buy their Mercedes Benz cars yet using cryptocurrency, although Tesla has become a reasonable alternative. Analyses of transactions converting cryptocurrencies to real concurrencies might reveal criminal financial flows, and perhaps the owners of the accounts involved with these transfers. Once the system transfers value from crypto currencies, money flows in real currencies are traceable. Now’s the time to act, while many government tax agencies are focused on taxing crypto assets with many calling for the regulation of the cryptocurrency exchanges. The current bills being debated in the US congress include provisions for crypto exchanges to report under tax law.
  • Get banks to set up decoy accounts. To cover their tracks, digital criminals will often use stepping stone accounts from unsuspecting “mules.” They can identify mule accounts by seeding the criminal ecosystem with decoy accounts designed specifically to identify illicit activities, such as providing these accounts through phishing campaigns. When a phishing site has been identified, stuffing these sites with decoy information, including decoy financial account numbers, would “seed” a breadcrumb trail to follow the bad guys’ cash flow. The industry could achieve this if banks and bank regulators permitted this operational defense.
  • Tighten up money transfers. Collaborative analyses among financial institutions that handle large money transfers that utilize "dormant" accounts might reveal pre-positioned accounts created to receive and disburse illegal financial gains. Money transfers now include relatively little information about the accounts involved in transfers. Numbers and identification information could easily be augmented with account properties such as the age of the accounts and their typical volume and velocity of funds transferred that banks could easily use in fraud detection logic.
prestitial ad