Democrats urge federal agencies to address use of cryptocurrencies for ransomware payments

A group of Democrats on Friday urged the Biden administration to do more to confront the growing use of cryptocurrency markets in ransomware attacks, which have become an increasing national security threat over the past year. 

Sens. Ed Markey (D-Mass.), Sheldon Whitehouse (D-R.I.), and Reps. Jim Langevin (D-R.I.) and Ted Lieu (D-Calif.) sent a letter to the leaders of the Homeland Security, Justice, State and Treasury departments on Friday asking them to pursue “stronger coordination” between the agencies on the issue of cryptocurrency. 

They pointed to a massive increase in ransomware attacks, with the FBI’s Internet Crime Complaint Center receiving reports of almost 2,500 ransomware attacks with losses over $29 million in 2020. 

“The proliferation of cryptocurrency has facilitated this explosive growth in ransomware attacks, largely by offering easy, fast, and difficult to trace methods for laundering illicit gains,” the lawmakers wrote. “We believe that increasing enforcement of existing money laundering and financial crimes statutes would play an important role in deterring ransomware attacks and facilitating the recovery of cryptocurrency paid to ransomware attackers.”

They asked that the agencies respond to a series of questions by the end of the month around how cryptocurrency exchanges are involved in ransomware attacks, and underlined the threat of zeroing in on this issue. 

“The rapid rise in ransomware attacks not only financially impacts local governments and businesses, but also threatens U.S. national security because ransomware can disrupt critical infrastructure and capture sensitive data,” the lawmakers wrote. 

The Hill reached out to the agencies the letter was sent to for comment. DHS declined to comment, while a spokesperson for the State Department stressed that the federal government was working hard to counter ransomware attacks.

“The U.S. Government is pursuing a focused, integrated effort to disrupt ransomware actors and the ransomware ecosystem, bolster resilience to defend against ransomware attacks, position the public and private sectors to respond to and recover from incidents more quickly, and collaborate closely with international partners to hold criminals and the states that harbor them accountable,” the spokesperson said in a statement provided to The Hill. 

“Disrupting the criminal misuse of cryptocurrency is a key piece of this effort,” they said. “Uneven implementation of anti-money laundering/countering the financing of terrorism (AML/CFT) requirements for virtual currency internationally inhibits the U.S. Government’s ability to disrupt ransomware-associated money laundering. The State Department invests in capacity building efforts to ensure proper regulation and implementation of ‘know your customer’ and other AML/CFT controls for virtual currency exchanges overseas.”

The Democrats who signed on to the letter are not the first lawmakers to raise concerns on this issue. Sen. Maggie Hassan (D-N.H.) sent letters to multiple federal agencies in September asking them to crack down on the use of cryptocurrency exchanges for criminal practices. 

Concerns over cryptocurrency exchanges have grown in recent months following a string of major ransomware attacks in which the hackers used cryptocurrency exchanges for victim payment to make it more difficult for authorities to trace the funds. 

These attacks included those on Colonial Pipeline and meat producer JBS USA, with both choosing to pay the ransoms in bitcoin. Following the attack, however, the Justice Department was able to recover the majority of the $4.4 million in bitcoin paid by Colonial. 

Several of the agencies have already taken action to confront hackers’ use of cryptocurrency as part of ransomware attacks, including the Treasury Department, which last month sanctioned Suex OTC for allegedly facilitating ransomware payments, its first sanctions against a virtual currency exchange. 

The Justice Department is also making moves in the space. Deputy Attorney General Lisa Monaco announced earlier this week that the agency is establishing a National Cryptocurrency Enforcement Team to “dismantle” cryptocurrency exchanges used to facilitate ransomware payments by victims.

“Cryptocurrency exchanges want to be the banks of the future, well, we need to make sure that folks have confidence when they are using these systems, and we need to make sure we are poised to root out abuse that can take hold on them,” Monaco said when she announced the group at the virtual Aspen Institute Cyber Summit.

-Updated at 6:15 p.m.