The White House is determined to combat the perpetrators of ransomware attacks that have disrupted supply chains and other essential services recently. Though the Biden administration is considering a number of options, digital asset and blockchain-related regulation is likely to play a large part.
Just as computer networks are regarded as “critical infrastructure,” so too will blockchains play an important part in future commerce and record-keeping. The traditional “code is law” attitude of many blockchain proponents is unlikely to gain support in a world where ransomware attacks cause real and large-scale economic damage, or even potentially put lives at risk.
The White House last week announced a cross-government task force to defend IT infrastructure against ransomware attacks. It includes the Cybersecurity and Infrastructure Security Agency’s (CISA) new “Stop Ransomware” website, as well as plans to introduce rewards totaling up to US$10 million for information that identifies perpetrators and even retaliatory cyberattacks on suspected groups.
Targets of the higher-profile ransomware attacks in 2021 have included Colonial Pipeline (which supplies roughly half of the U.S. East Coast) and JBS, the world’s largest meat processor. Past attacks have targeted everything from individuals and small businesses to hospitals and law enforcement offices.
A common theme in ransomware attacks over the years is the use of “virtual currencies” or “cryptocurrencies” to facilitate payments. Research has shown that, not only do attackers demand payment in BTC or other digital assets, but they have also been able to successfully launder them through major online exchanges and turn their gains into fiat profits.
This has happened despite most exchanges implementing some form of KYC/AML for users. Criminals have still been able to transfer and launder funds on the platforms due to lax enforcement of these policies, or exchanges implementing them as token measures only.
Reports on the planned new anti-ransomware measures said they will include advice on defenses and solutions, as well as information-sharing and incident reporting requirements. However, payments are likely to play a large part. Without a way for victims to pay the ransoms, and easy ways for criminals to process their funds, it becomes very difficult to perform an effective attack.
Digital asset exchanges, then, are likely to find themselves under increasing pressure to identify and report suspicious activity.
In many ways, the “code is law” attitude has restricted Bitcoin and other digital asset adoption in the mainstream—which bites its own tail by creating a stunted “crypto economy” in which digital assets have little-to-no value if they can’t be traded for fiat currencies. Speculative coin trading is also a major contributing factor, since users are more likely to hold and trade digital assets than actually spend them on goods and services.
Attacks on blockchains themselves
Payments aside, as more sectors of the economy use blockchain technology to process and secure records, attacks on blockchain networks themselves will be seen as a threat. The recent series of “reorg attacks” on BSV is one example where the law is more likely to intervene.
Although a similar attack happened on the BCHA (now eCash) network in March 2021, the limited resources available to the project’s leaders meant it passed mostly unnoticed to outsiders. BCHA developers did not seek assistance from law enforcement, and may not have gathered data to aid external investigators. That is not the case with BSV, where developers are actively investigating the incident and have every intention to help law enforcement agencies take action against the perpetrators.
Since BSV is designed for mass storage and securing of data, it’s important to protect its infrastructure against attacks. By showing it is the most secure and legally compliant ledger for keeping records, it also demonstrates an effectiveness as a tool against cybercriminals and their methods.