Russia's federal bank, the Bank of Russia, this week issued sweeping recommendations to restrict the local cryptocurrency ecosystem. With a substantial portion of the cybercriminal economy operating out of Russia, using cryptocurrency to transfer wealth, an unintended side effect of such laws may be to eliminate some of the comfort ransomware gangs have found in the region.
Up until last week, when Russian security services arrested members of the REvil group, cybercriminals spent years viewing Russia as a place where they could victimize foreign targets without punishment. That extended to many of the cryptocurrency exchanges preferred by the money launderers employed by those groups, who wanted to keep funds close.
One key recommendation of the Bank of Russia's consultation paper is to ban local exchanges as just one means of promoting financial stability, national security and consumer protection.
"The larger ransomware groups (and other cybercriminals operating in Russia) prefer to use local exchanges. Even if the exchanges are headquartered overseas, as long as they have an office in Russia, cybercriminal groups will use them," said Allan Liska, a ransomware expert at Recorded Future. "If they can't use local exchanges, and they have to use international exchanges, does that increase the risk of having their money taken?"
Being forced to foreign exchanges creates several problems for criminals using them as a nexus for ill-begotten gains. Local exchanges have often been viewed as lax on anti-money laundering laws for cybercriminals, something that led to U.S. sanctions against one Russian exchange last year. Exchanges under Russian jurisdiction were subject to Russian judicial oversight for evidence and seizures, which Russian groups have historically put a lot of faith in. And, notes Liska, pliant local exchanges could provide cash directly to criminals rather than requiring a cash-out through the global financial system with stricter global oversight. It may be harder to obtain and traffic a box of Euros from a foreign country.
The Bank of Russia's paper is not largely directed at cybercrime. Instead, it takes a realistic look at the potential dangers of cryptocurrency on an emerging nations' economies and energy security. The Bank makes three major recommendations: banning local mining, shutting down local cryptocurrency exchanges and adding penalties to existing laws barring the use of cryptocurrency to make direct purchases. It would not prevent the purchase or ownership of cryptocurrencies from foreign exchanges.
By taking these steps, the Bank hopes to maintain control over a tenuous emerging economy more susceptible to fluctuations than many of its Western rivals. The Bank fears that widespread investing in cryptocurrency would substantially reduce the national money supply, reducing local investment, and the volatility of the market could wipe out local wealth entirely. It also notes that Bitcoin mining presents a risk to its energy security, potentially requiring more electricity than the country is able to create.
But the impacts to cybercrime could also be very real. Tom Kellermann, head of cybersecurity strategy for VMware who serves on U.S. Secret Service’s Cyber Investigations Advisory Board, noted that there may be other other ways to get illicit payments into criminal hands that could see a resurgence in popularity, including WebMoney, the Russian internet payments system. Still, he's optimistic about the potential effects.
"This will disrupt some money laundering associated with cybercrime in Russia," he said.