The recent uptick in ransomware attacks can be addressed without outright bans on cryptocurrency, CrowdStrike co-founder and former Chief Technology Officer Dmitri Alperovitch told CNBC on Tuesday.
“I agree that crypto is a huge part of the problem because of the ability to receive payments anonymously, but I don’t think we should ban it,” Alperovitch said on “Power Lunch.” “I mean, if we banned computers we would also solve the problem, but no one is suggesting that.”
Instead, Alperovitch, who left the California-based cybersecurity firm early last year, said a range of rules could be implemented to counteract ransom payments being made in digital currencies, such as bitcoin.
“I do think that regulations on cryptocurrency — know your customer, anti-money laundering regulations to make sure that large transfers are tracked and these criminals can’t receive them anonymously — are going to be very, very important in stemming this problem,” he said.
Reported global ransomware attacks increased by 485% in 2020 compared with the previous year, according to Romanian cybersecurity firm Bitdefender. A high-profile incident in May involving Colonial Pipeline, in which the company paid a $5 million ransom in bitcoin, has intensified focus on the subject.
In addition to happening more frequently, the attacks have become more sophisticated, CrowdStrike CEO George Kurtz told CNBC on June 9.
“It’s become big game hunting as opposed to just traditional ransomware,” said Kurtz, who, alongside Alperovitch and former Chief Financial Officer Gregg Marston, founded CrowdStrike in 2011. The company provides cloud-based services including endpoint security, threat intelligence and cyberattack response.
Chris Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency, told CNBC earlier Tuesday that the role cryptocurrency plays in “enabling” cyber-criminals needs to be examined.
“I think international regulators are taking a hard look at cryptocurrencies and how they’ve kind of skated under the radar for quite some time in terms of transparency,” Krebs said on “TechCheck.”
But in the immediate term, given the uptick in threats, Krebs said businesses must prepare their contingency plans in case they fall victim to a cyberattack.
“This is the issue that corporate executives, boards of directors, general counsels need to be thinking about right now,” said Krebs, who was fired from his role leading CISA in November by former President Donald Trump after Krebs repeatedly defended the security of the 2020 presidential election.
“It’s really a matter of: Am I going to be in business tomorrow? Am I going to be able to deliver for my clients? Am I going to be able to deliver for my shareholders?” Krebs said. “I think these issues will continue until we can take the players off the playing field.”
Governments can play a role in deterring cyber-criminals, Krebs said. They can “disrupt these actors and make it harder for them to operate, but most importantly make them not want to play the game anymore.”
Industry experts have varying views on how cryptocurrency impacts the scale of ransomware attacks, which can take targeted devices and systems offline. Attackers then demand a ransom payment, perhaps in cryptocurrency, from a company or organization in exchange for releasing the data.
FireEye CEO Kevin Mandia told CNBC on Monday the increase in the ransomware attacks “absolutely aligns” with the advent of cryptocurrency.
Some believe clamping down on the digital currency could be the key to limiting ransomware attacks, while others contend the fact cryptocurrency transactions occur on decentralized digital ledgers, known as blockchains, can be beneficial in tracking down perpetrators.