Stephen Diehl hates cryptocurrency - which is fine - but I think he's simplifying ransomware massively in order to grind his axe here.
If it was as simple as 'use cybercoin, do ransom' how come there aren't any big ransomware gangs based in the US or other western country allied with them?
Because the people here aren't capable of it? Come on. It's because the groups can't actually remain anonymous over any significant time period, cybercoin or not.
Every ransomware gang I know of is based in a country that is either directly
hostile or semi-hostile to the US, and ransomware almost exclusively targets
businesses in the US or allied nations.
These facts change the calculus considerably. The major ransomware gangs, if
not explicitly state actors, are definitely viewed as state assets in case of
an emergency where they could be nationalized.
This means that even if it was completely non-profitable to do these attacks,
there would be reason to do them for geopolitical reasons. Both to weaken the
US and to train their own personal.
The NotPetya `ransomware` attack that hit Maersk in 2019 is an example of
this. Despite pretending to be ransomware, it was not a profit seeking
endeavor at all, but a Russian cyberweapon (that was pointed at western
Ukraine) that got out of control.
On a side note, I find it hilarious that after the pipeline attack DarkSide tried to argue that it was
only in it for profit and `not political`. Because criminal gangs operating in
hostile jurisdictions would never stoop to lying, now would they?
But even if the actors were purely in it for the money - I don't think getting
rid of cryptocurrency would stop them at this point. Crypto may be very
convenient for large international payments but it's hardly the only way to
move money across borders. The drug trade has been moving billions of illegal dollars out of the
US every year for decades and they have to deal with physical products and
cash.
I can easily imagine a ransomware gang working with a drug network and getting
victims to drop suitcases full of cash to designated drop-off points.
Remember, these victims are usually large international businesses, so having
them make dozens of $100,000 cash drops in a reasonable time frame isn't out of the picture here.
Combined with the fact that these multinationals have much deeper access to
the financial system then your average Joe with a bank account, I'm sure the
ransomware gangs can find a way to get a mostly irreversible payment to them.
Remember, most of these businesses want to pay, so the gangs effectively have an
insider there.
The root cause of this mess is that billions of dollars worth of
infrastructure can be accessed with nothing more then an internet connection
and a little grunt work. As long as this is the case, international cybercrime
is going to be a massive threat to any business or government.
You can't just leave tons of gold bars lying around and hope that it's too
inconvenient to try and carry them out in a backpack. People are clever and
can figure out lots of ingenious ways to move money around. The wealth
actually has to be secured. Until that happens, you're going to lose a lot of
gold.
This doesn't work as written. For example, if you make 5 deposits of 1 ETH from an account that action is public. If you then make 5 withdrawals of 1 ETH into another account that is also public. Without a lot of extra work in between 2) and 3) it's trivial to see that an amount goes into the pot and then that amount comes out of the pot and link them. Even if the direct link between them is encrypted.
Besides, anonymity doesn't mean laundering. Laundering is about creating a seemingly legit source of bad money. If an exchange follows the source of the funds and sees tornado.cash, they're going to know something is up, even if they can't see the inputs.
If it was as simple as 'use cybercoin, do ransom' how come there aren't any big ransomware gangs based in the US or other western country allied with them?
Because the people here aren't capable of it? Come on. It's because the groups can't actually remain anonymous over any significant time period, cybercoin or not.
Every ransomware gang I know of is based in a country that is either directly hostile or semi-hostile to the US, and ransomware almost exclusively targets businesses in the US or allied nations.
To the point where installing a virtual Russian language keyboard can significantly impact your chances of getting ransomed (https://krebsonsecurity.com/2021/05/try-this-one-weird-trick...).
These facts change the calculus considerably. The major ransomware gangs, if not explicitly state actors, are definitely viewed as state assets in case of an emergency where they could be nationalized.
This means that even if it was completely non-profitable to do these attacks, there would be reason to do them for geopolitical reasons. Both to weaken the US and to train their own personal.
The NotPetya `ransomware` attack that hit Maersk in 2019 is an example of this. Despite pretending to be ransomware, it was not a profit seeking endeavor at all, but a Russian cyberweapon (that was pointed at western Ukraine) that got out of control.
On a side note, I find it hilarious that after the pipeline attack DarkSide tried to argue that it was only in it for profit and `not political`. Because criminal gangs operating in hostile jurisdictions would never stoop to lying, now would they?
But even if the actors were purely in it for the money - I don't think getting rid of cryptocurrency would stop them at this point. Crypto may be very convenient for large international payments but it's hardly the only way to move money across borders. The drug trade has been moving billions of illegal dollars out of the US every year for decades and they have to deal with physical products and cash.
I can easily imagine a ransomware gang working with a drug network and getting victims to drop suitcases full of cash to designated drop-off points. Remember, these victims are usually large international businesses, so having them make dozens of $100,000 cash drops in a reasonable time frame isn't out of the picture here.
Combined with the fact that these multinationals have much deeper access to the financial system then your average Joe with a bank account, I'm sure the ransomware gangs can find a way to get a mostly irreversible payment to them. Remember, most of these businesses want to pay, so the gangs effectively have an insider there.
The root cause of this mess is that billions of dollars worth of infrastructure can be accessed with nothing more then an internet connection and a little grunt work. As long as this is the case, international cybercrime is going to be a massive threat to any business or government.
You can't just leave tons of gold bars lying around and hope that it's too inconvenient to try and carry them out in a backpack. People are clever and can figure out lots of ingenious ways to move money around. The wealth actually has to be secured. Until that happens, you're going to lose a lot of gold.
Some other links: Why banning payment might backfire https://gru.gq/2020/10/18/ransomware-prohibition/ Other possible real solutions: https://gru.gq/2021/05/16/ransomware-real-resolutions/