Enforcing KYC, AML Laws Is Key to Reducing Ransomware Attacks: Task Force

Existing AML/KYC laws could reduce ransomware proliferation, but it would require an international effort.

Apr 29, 2021 at 11:21 p.m. UTC
Updated Sep 14, 2021 at 12:48 p.m. UTC

Better enforcement of cryptocurrency regulations can help address an increasing number of ransomware attacks, a public-private task force claimed Thursday.

The Ransomware Task Force, led by the Institute for Security and Technology with support from Microsoft, McAfee and various government agencies, published a report proposing a host of government and company responses to the growing threat of ransomware attacks, including recommendations to disrupt payments to the developers of this form of malware.

A ransomware attack is one where a malicious actor hijacks a computer or network, locking it until the victim pays a ransom, often in cryptocurrency (ransomware victims paid close to $350 million in crypto to attackers last year). Paying the ransom is not necessarily a guarantee the perpetrator will share a decryption tool to unlock the computer.

The report recommended properly enforcing existing know-your-customer (KYC) and anti-money laundering (AML) laws to help tamp down payments made in crypto, and hinted that additional regulations may be necessary.

“The cryptocurrency sector that enables ransomware crime should be more closely regulated. Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading ‘desks’ to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws,” the report said.

The report noted that this sort of regulatory enforcement would have to be international. A single nation enforcing KYC/AML laws would be insufficient, given that some companies set up shop in countries with more lax regulations.

“A single country’s laws or capabilities will be insufficient to tackle this global threat,” the report said.

Kemba Walden, an assistant general counsel at Microsoft’s Digital Crimes Unit, said in a panel announcing the report that many ransomware developers want payments in bitcoin, rather than privacy coins.

This is because of the low trading volumes for these privacy coins, the report said. However, while malicious actors may not be using privacy coins, the report did warn that attackers might use mixing services to obfuscate how transactions occur.

Chainalysis Director of Market Development Don Spies, who is a member of the task force, told CoinDesk the group came together around the idea that the ransomware threat is likely to grow.

“I think one of the main goals of this was not to propose additional, stifling measures but to help folks realize that you can actually take a stab at this with existing measures,” he said. “In the regulatory space, AML, if we just enforce existing laws on the books in a consistent manner, I think we have the ability to really combat what’s going on.”

Pamela Clegg, vice president of financial investigations at CipherTrace, said in a blog post that one of the goals would be to disrupt the ransomware business model, saying crypto is just one aspect of the issue.

The task force received support from the U.S. Department of Homeland Security (DHS), the UK’s National Cyber Security Centre and Europol, with members hailing from a host of government agencies and private entities. 

Spies said he volunteered to join the group, and was not paid for his participation.

In video remarks at the unveiling of the report, Homeland Security Secretary Alejandro Mayorkas called the report an “impressive accomplishment.”

“The Department will work to implement many of your recommendations because one thing is clear: Ransomware is a threat to national security,” Mayorkas said. 

