FBI seeks Bitcoin wallet information of ransomware attackers
The FBI, along with two other federal agencies, CISA and MS-ISAC, asked U.S. citizens to report information that helps track the whereabouts of the hackers.
Three federal agencies in the United States — the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center — jointly issued an advisory seeking information to curb ransomware attacks.
As part of the #StopRansomware campaign, the joint cybersecurity advisory alerted citizens to Vice Society, a ransomware-type program that encrypts data and demands ransom for decryption.
The trio anticipates a spike in ransomware attacks, primarily aimed at educational institutions, adding that “School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable.”
While proactive measures remain vital to counter ransomware, the FBI asked US citizens to report information that helps track the whereabouts of the hackers. Some key information the FBI seeks includes Bitcoin (BTC) wallet information, ransom notes and IP addresses linked to the attacker.
By using wallet addresses, authorities can trace illicit transactions back through Bitcoin’s immutable blockchain without worrying about the trail going cold.
While Bitcoin enables frictionless cross-border transactions, most attackers prefer using fiat currencies to fund their illicit activities. It was also found that only 0.15% of activity on blockchains in 2021 was crime-related, a share that has been going down consistently year over year.
Moreover, the three federal agencies strongly discourage Americans from paying ransom “as payment does not guarantee victim files will be recovered.” Individuals affected by ransomware attacks can report the details by visiting a local FBI office or through official communication channels.
The Dutch Public Prosecution Service recently tracked down crypto wallets associated with a ransomware attack on Netherlands-based Maastricht University (UM).
In 2019, a ransomware hack froze all assets of UM, such as research data, emails and library resources. UM later agreed to pay the hacker’s demand of €200,000 in BTC, which is currently valued at roughly €500,000.