Ransomware attacks put everything we depend on at risk. What’s next, foamy coffee lattes?
The past few weeks have seen a veritable explosion in ransomware attacks. Americans lost access to gasoline as the Colonial Pipeline shut down. The Irish health care system was violated. Our national barbecue obsession was threatened when the largest meat packing corporation in the world was temporarily offline. And in Massachusetts, the elite denizens of Nantucket were temporarily isolated from the mainland as the Steamship Authority was hacked.
We predict it will be coffee. After all, if gasoline is the critical fuel that drives our mechanical hydrocarbon economy, then coffee is the critical fuel that drives our human economy. If the hack of Colonial Pipeline crossed a red line for government response, we might very well guess that, someday soon, ransomware criminals will cross an even brighter brown line and attack the coffee supply chain.
Everything is digital and vulnerable
We’re joking, of course. But maybe not so much. The coffee supply chain is conceptually no different from any other. We can imagine scenarios in which growers, roasters, shippers and retail distributors all come under attack. It takes very little creativity to speculate about the havoc that a disruption to Nescafé (still the largest coffee brand in the world) would cause. More amusingly, we can chortle a bit at the prospect of some being cut off from their daily blast of Starbucks double foam latte.
The reality is that today, almost everything is digital, and every modern business is vulnerable to a ransomware attack. The upsurge in criminality (some of it tolerated or actively encouraged by adversarial nations) is not going to end any time soon. So long as ransomware criminals can profit from their activities without fear of retribution, the crime wave will continue. They will not be deterred until they suffer consequences.
Organizations all over the world have been attacked in recent weeks but, candidly, there is little prospect of creating a traditional criminal network response to ransomware. Many nations, most notably Russia, are content providing the criminals with a haven, and there is no realistic way we can change that dynamic. No ransomware criminal will ever be extradited from Russia to face justice in the West.
And so the Western victims of ransomware need to devise a more effective response. And key to that response is understanding the role of cryptocurrency in fostering ransomware.
In the real, physical world, the moment of payment – when the criminals collect the ransom – is the moment that the crooks are at greatest risk. They have to expose themselves to collect the money. Cryptocurrency is an anonymous digital currency that, thus far, has allowed the ransomware gangs to collect their ill-gotten gains without exposing themselves to capture. That can and should change.
Digital currencies, like Bitcoin or Dogecoin, are managed by a distributed network of computers and servers that are, by design, outside the control of any government. Furthermore, there are no banks as go-betweens. So there is no need to disclose your identity. That’s what makes digital currencies so attractive to criminals (and, to be fair, also to political dissenters and others who may have a legitimate claim to anonymity).
Sometimes, digital currencies can be directly exchanged for things of value. Until recently, for example, one could purchase a Tesla with digital coins. But typically, the cryptocurrency has to be converted into an actual currency – dollars, yuan or euros – in order to be useful. Some of the exchanges that make those conversions operate in the United States and are subject to American anti-money-laundering (AML) laws. However, a lot of the exchanges are located offshore and therefore are free from regulation.
That has to change. Converting digital coin to hard cash is the point at which the criminals must show themselves in the physical world, and we should take advantage of that. Indeed, though the precise mechanism is unclear at this point, that seems to be what the U.S. government did to DarkSide – trace their money and take it away at the point of exchange. To make that exercise easier and to put real teeth into the program, America’s effort to expose the ransomware criminals should proceed along two fronts.
Act alone if other nations won’t
First, we need to work cooperatively with foreign governments to develop an international agreement that would force offshore digital exchanges to abide by AML laws. This would include requirements to “know your customer” and identify participants in the exchange and to report suspicious transactions.
Second, in the absence of international agreement, the United States should consider unilateral action. The dollar remains the reserve currency of the world. Foreign banks need to conduct financial affairs in dollars and in coordination with the American banking system. Any foreign bank that acts as a clearing house for an offshore digital exchange should be prohibited from conducting business within the American banking system unless and until it, likewise, implements “know your customer” standards.
If foreign governments won’t act, America should consider using its unique financial position to incentivize assistance from foreign banks. If a bank were required to choose between access to the U.S. financial market and transactions with a crypto exchange, the choice would be clear.
Typically, crime is a persistent – yet tolerable – economic cost. Ransomware is both a criminal scourge and a significant threat to economic prosperity, and even national security. Cyber gangs have crossed the metaphorical digital brown line, and swift action in response is essential. Act now, or lose your lattes.