February 28, 2023

ICYMI: At Hearing, Senator Warren Highlights Need for Stronger Crypto Regulation to Fight Ransomware Attacks and Protect National Security

“Crypto is being used to hold American businesses for ransom. It’s being used to threaten American towns. It’s being used to evade American sanctions and it’s being used to enrich America’s adversaries. We’ve got to stop helping these guys by letting crypto go unchecked.”

Video of Exchange (YouTube)

Washington, D.C. — At a hearing of the Senate Banking, Housing, and Urban Affairs Committee, U.S. Senator Elizabeth Warren (D-Mass.) questioned Daleep Singh, former Deputy National Security Advisor for International Economics, National Security Council, and former Deputy Director, National Economic Council, about the crypto-fueled rise of ransomware attacks and rogue state-affiliated ransomware gangs. Senator Warren highlighted the need for her and Senator Roger Marshall’s bipartisan Digital Assets Anti-Money Laundering Act, which would stitch the loopholes allowing rogue states and cybercriminals to move illicit funds outside of our nation’s anti-money laundering framework.

Transcript: Hearing, “Advancing National Security and Foreign Policy Through Sanctions, Export Controls, and Other Economic Tools”
U.S. Senate Committee on Banking, Housing, and Urban Affairs
Tuesday, February 28, 2023

Senator Elizabeth Warren: Ransomware has hit everywhere.

In the past three months alone, ransomware attacks have:

  • Shut down four public schools in Nantucket, Massachusetts, affecting 1,700 students and their families;
  • They’ve exposed the health records of over 3 million patients in California;
  • And they have shuttered all four of Dole’s food production plants in the U.S., halting food shipments to grocery stores and disrupting our already-vulnerable supply chain.

That’s just in the last three months. Let’s do the last 24 hours. Just yesterday, we learned that ransomware attackers stole sensitive investigative information from the United States Marshals Service. Now, according to FinCEN, in the first half of 2021 alone, ransomware attackers likely received $5.2 billion – that’s in half a year – in payments from American businesses, hospitals, school systems, and public utilities.

Before 2016, the majority of cybercrime attacks involved small-scale credit fraud and bank fraud. Ransom payments ranged from about $75 to about $750. Today, the average ransomware attacker demands about $5 million.

Now, Mr. Singh, you’re an expert on international economics and national security. These large-scale attacks and large ransom payouts,  would they be possible without crypto?

Mr. Daleep Singh, former Deputy National Security Advisor for International Economics, National Security Council, and former Deputy Director, National Economic Council: No, Senator. I think digital assets are central to the business model of ransomware.

Senator Warren: Okay, and in fact, do you know what proportion of ransomware attacks are paid off by crypto?

Mr. Singh: Must be close to 100%.

Senator Warren: Exactly right. Right at 100%. The most active ransomware gangs are affiliated with or based in Russia, North Korea, and Iran. Mr. Singh, does that put our national security at risk?

Mr. Singh: Absolutely.

Senator Warren: Thank you. In fact, in 2021, about three-quarters of all ransomware revenue – that’s now measured in billions and billions of dollars – three-quarters of it – went to Russia-linked ransomware gangs. In the year since Russia invaded Ukraine, Russian criminal organizations have doubled down on using crypto to hold American businesses, American schools, and American hospitals hostage. Some have even declared allegiance to Vladimir Putin, vowing to “strike back at the critical infrastructures” of Russia’s enemies. Just last week, a Russia-affiliated ransomware gang called Black Cat attacked 13 hospitals in eastern Pennsylvania. Mr. Singh, I have one more question for you. You helped craft the sanctions that our country imposed on Russia – and that you were just talking about with Senator Vance – you helped craft this in response to the Ukraine invasion. Is crypto allowing Russian ransomware gangs to extort American businesses and potentially evade those sanctions?

Mr. Singh: Senator, I don’t believe it’s allowing for the evasion of sanctions at scale, but even a dollar of evasion is not something we ought to tolerate. I think as I reflect on the experience, one of the efforts we made in parallel was to launch the executive order on digital asset regulation, also trying to push our government to launch a digital dollar, which I think is the single best step that we could take because it would crowd out the ecosystem of crypto that allows national security adversaries like Russia to exploit our deficiencies, our weaknesses in terms of our critical infrastructure. And yes, I think to some extent, we won't know exactly for sure, to evade the impact of our sanctions.      

Senator Warren: So actually, let me drill down just a little bit on this. In March 2022, FinCEN issued an advisory warning about Russian attempts to evade sanctions. The guidance said I’m going to quote, “sanctioned persons, illicit actors, and their related networks or facilitators may attempt to use (crypto) and anonymizing tools to evade U.S. sanctions and protect their assets around the globe.” And in September 2021, OFAC issued an advisory highlighting the sanctions risks associated with ransomware payments. And – if I’m not mistaken – you were serving in the White House at this time. Do you agree with these statements from FinCEN and OFAC?

Mr. Singh: Yeah I do.

Senator Warren: Good. Crypto is being used to hold American businesses for ransom. It’s being used to threaten American towns. It’s being used to evade American sanctions and it’s being used to enrich America’s adversaries. We’ve got to stop helping these guys by letting crypto go unchecked.

Senator Roger Marshall and I are reintroducing our crypto anti-money laundering bill to protect our nation from ransomware attacks by stopping the flow of dirty money. It’s something we need to do for our national security.

Thank you. Thank you, Mr. Chairman.

###