Report: Biden administration to roll out sanctions targeting ransomware payments

The Biden administration reportedly plans to roll out sanctions aimed at disrupting hackers’ ability to collect ransomware payments using cryptocurrency.

The Wall Street Journal reported the plans today, citing sources familiar with the matter.

The sources believe that the sanctions could be implemented as early as next week by the U.S. Treasury Department. The sanctions are expected to be imposed on “specific targets” rather than the entire cryptocurrency ecosystem. Additionally, the Treasury Department is reportedly preparing to release new guidance that will warn businesses they could face fines and other penalties over involvement in ransomware payments. 

According to analysts who spoke to the Journal, effectively limiting hackers’ ability to collect ransomware payments would require the Treasury Department to focus on several areas in particular. The analysts believe that the sanctions would have to target cryptocurrency wallets used by hackers to process ransomware payments, the platforms they leverage to make payments difficult to trace and the people who own and operate those platforms.

The planned sanctions are reportedly aimed at deterring entities involved in the ransomware ecosystem from continuing to facilitate payments to hackers. The sanctions, and the other actions said to be planned as part of the initiative, are described as the Biden administration’s most significant attempt yet to target the infrastructure powering ransomware transactions.

The move follows a series of ransomware attacks attributed to hacking groups in Russia. One of the highest-profile incidents was the cyberattack that targeted Colonial Pipeline Co. earlier this year, which caused the company to shut down its fuel pipeline temporarily.

The reported plan to target ransomware payments with sanctions is the latest in a series of steps taken by the Biden administration to improve cybersecurity. In May, following the Colonial Pipeline breach, President Joe Biden signed an executive order calling for a series of initiatives to bolster cybersecurity defenses in the U.S. 

The  initiatives focus on, among other areas, implementing stronger cybersecurity standards in the federal government. Additionally, they emphasize enhancing how information on online threats is shared between the public and private sectors. A third priority is securing the software supply chain: The executive order calls for the creation of “baseline security standards for development of software sold to the government.”

More recently, in August, Biden held a summit meeting at the White House with top business leaders to discuss national cybersecurity strategy. The chief executives of several major tech firms were among the participants. Microsoft Corp. committed to spending more than $20 billion on cybersecurity over the next five years and Google LLC said it would invest $10 billion in zero-trust security programs during the same time frame. 

Photo: Michael Pick/Flickr