FULL TRANSCRIPT OF INTERVIEW
Q: What do US companies need to do to prepare for Cyber Attacks now?
A: Companies really should expect to be a victim at some point. So—we have to have:
1) an incident response plan already on the books
2) They may also want to engage an incident response firm. That firm will most likely be using a cryptocurrency analytics tool like CipherTrace to be able to track that Cryptocurrency payment once that payment is made.
Q: So if you’re the CEO of a company, of course you should take the precaution & prepare. But once you’ve been hacked, the main objective is to get business back online again. So it’s understandable why they don’t wait for this investigation to play out, which may not even go anywhere. What other choice do they have it you’re in their shoes.
A: There’s a lot of information that you can gather within a relatively short amount of time, before deciding to make that payment. That’s where the incident response firms can step in and help. That’s where companies like CipherTrace can also step in and help. We can analyze payments that have already been made to that particular ransomeware group or actor.
Then we can make an informed decision about whether or not that payment may constitute a sanctions violation. Which is what we saw the Department of Treasury advise at the end of 2020, that payments made to sanctioned groups that are state entities, can actually result in a sanctions violation for the victim. (the victim in this particular case.)
Q: So the Hacker gets sanctioned, but that still doesn’t get the company’s business back, up and running again. Your firm does a lot of work, and we can understand that—but you can understand where the companies are coming from too when they are faced with paying a ransom to get back to doing business or waiting for sanctions, hiring a firm, etc. A lot of lawmakers are calling for a law against paying ransom. What role should Congress really play in preventing these attacks?
A: Information sharing is key here. We really need to see increased collaboration between private & public sector. There’s a lot of information that is being held within the private sector—firms that continually deal with ransomware. Then there is also segregated information that’s being held within the public sector. If we can combine forces between public and private sectors, that would be a huge bonus to businesses within the United States that are falling victim to this. Additionally, we need to increase our international cooperation at the law enforcement level. Even though we may be able to track cryptocurrency payments in real time as it moves along the blockchain, law enforcement is still constrained in how quickly they can react within the current law enforcement framework that they have for international investigations.
Q: The FBI is now treating these ransomware attacks as “acts of terror” what does that mean for the people who are caught carrying them out and does it mean anything at all for when they are in countries overseas and those countries are unwilling to extradite?
A: There are actors who are taking refuge in countries that are not cooperating with victims & countries who are bearing the brunt of the ransomware attacks. Throughout 2020, we saw ransomware attacks quadruple throughout the world. We saw an increase in ransomware payments of 100%. So, this is something that is of interest to the private sector because this is BIG money walking out the door. The payments could go to Terrorist activities, proliferation of weapons of mass destruction. It’s going to sources that ultimately, we may not actually know, the extent of the damage (that these funds could actually fund. )
Q: In the public sector, what are the implications of that on electric grids, water systems, security networks. Why should all of us be concerned, even if we are not directly affected?
A: I think we saw why a lot of us are concerned when Colonial Pipeline suffered their ransomware attack, and the East Coast was largely left without gas. We had a gas shortage for several days. This is something that impacts the overall economy, within the US and the Western world. It affects our pocketbooks, when we have these large organizations that have to payout these large ransoms– that is going to get passed along to the consumer.
