skip to Main Content

Blockchain Analytics—the Secret Weapon to Combatting Ransomware  

CipherTrace provides critical cryptocurrency intelligence to the Ransomware Task Force to trace the criminal actors that perpetuate this threat. Ransomware not only impacts individuals; it also targets healthcare, education and even tech giants like Apple. 

Ransomware continues to plague both the public and private sectors around the globe, but too often we in the cybersecurity industry find ourselves trying to mop up after a crime has taken place. And it’s not merely a financial crime. Ransomware attacks in recent months affected the ability of hospitals to provision lifesaving care and the ability of utility suppliers to reliably meet customer needs for basics like electricitywhile government agencies at all levels have suffered incursions that expose sensitive data. 

Clearly, our current approaches are not a match for what was once a nuisance crime. The answer to the scourge of ransomware? Proactive collaboration. Fortunately, cryptocurrency is the default method of payment for ransomware which means these payments are traceable. 

That’s why CipherTrace is a proud contributor to the Ransomware Task Force, a broad coalition of over 60 experts in industry, government, law enforcement, civil society, and international organizations. I have spent the last three months working collaboratively with other experts to create a framework for getting ahead of the ransomware threat. We’ve developed nearly fifty recommendations to meet four broad goals: 

  • to deter ransomware attacks through a nationally and internationally coordinated, prioritized, and resourced, comprehensive strategy 
  • to disrupt the ransomware business model and decrease criminal profits 
  • to help organizations better prepare for ransomware attacks 
  • to respond to ransomware attacks more effectively 
Source: Ransomware Task Force

Ransomware is a complex and growing problem; the role of cryptocurrency is just one facet, and I am pleased to have been able to contribute my expertise on crypto financial movements, to include how crypto is purchased to pay ransoms, how laundered crypto makes its way back to banks as criminals look for fiat offramps and how criminals also use mixers and non-compliant exchanges to obfuscate their movementsWith rogue states using ransomware as mechanism to raise money for more cyber warfare and WMD programs, as well as to evade sanctions, fighting ransomware also helps secure the future of the crypto economy—a core part of the CipherTrace mission. 

On April 29, the RTF released our findings in A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force. The framework highlights five priority recommendations that the task force has determined are the most foundational and urgent, with the remaining recommendations designed to predominately facilitate or strengthen these core actions. These priority recommendations include:

  1. Coordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals. The US should lead by example with a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House.
  2. In the US, this must include the establishment of
    1.  an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director;
    2. an internal U.S. Government Joint Ransomware Task Force; and
    3. a collaborative, private industry-led informal Ransomware Threat Focus Hub.
  3. Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments; and require organizations to consider alternatives before making payments.
  4. An internationally coordinated effort should develop a clear, accessible, and broadly adopted framework to help organizations prepare for, and respond to, ransomware attacks. In some underresourced and more critical sectors, incentives (such as fine relief and funding) or regulation may be required to drive adoption.
  5. The cryptocurrency sector that enables ransomware crime should be more closely regulated. Governments should require VASPs to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.

Now is the time for concerted, coordinated action. The Ransomware Task Force is a groundbreaking coalition; I am proud to have contributed and look forward to a future when ransomware attacks and the threat they pose to individuals, organizations, and nation states ceases to be operative. 

To read the RTF report 

To learn more about the Ransomware Task Force, visit 


Back To Top