2022 was a landmark year for ransomware attacks on major businesses and government agencies both domestically and abroad, with the prevalence of high-profile attacks continuing to rise at exponential rates into 2023. While largely growing in sophistication – and subsequently success – over the last decade, the basic premise of these attacks has remained much the same since first garnering public attention in the late 1980’s. Ransomware as a whole refers to the unethical practice of utilizing forms of malicious software (i.e. malware) designed to block access to a computer system or intel, generally by encrypting data or programs on IT systems to extort ransom payments from victims in exchange for decrypting said information and subsequently restoring victims’ access to their own systems. This term has also grown to encompass hackers simply utilizing their skills to exploit vulnerabilities found in the cybersecurity protocols of their targets for purposes of making off with quick cash from consumer accounts. All told, these efforts have had major destabilizing effects to date, often culminating in significant financial and reputational loss for the businesses targeted while leaving their clientele at risk of identity theft and further manipulation by fraudsters.
While financial service providers of all sizes have historically been viewed as prime targets for bad actors seeking to exploit them for large sums of money, the practice has grown to include other major industries such as the realms healthcare and public health, manufacturing, and information technology (each deemed “critical infrastructure” sectors by the Federal Bureau of Investigation). Analysts believe this shift can in part be tied into the fact that the vast majority of these sectors are not subjected to the staunch anti-money laundering (AML)/counter terrorism financing (CFT) requirements that govern financial institutions, rendering their defenses against nefarious activity as suboptimal. To battle what is evolving into a major global issue, both with respect to the attacks themselves as well as the regulatory burden being placed on the aforementioned industries, the Financial Action Task Force (FATF) recently published a report titled Countering Ransomware Financing analyzing the methods that criminals use in order to perpetrate ransomware attacks, detailing how payments are made and laundered, while also outlining what actions can be taken on behalf of the affected sectors to better prevent them.
The FATF – an intergovernmental agency that develops regulatory and operational policies to combat money laundering, terror financing and other threats to the international financial system – has found that that criminals primarily rely on prominent cryptocurrencies such as Bitcoin to receive their ransom payments from their victims, accepting them into crypto-wallets that are not held at regulated institutions and later laundering their funds.1 For banks already facing a significant battle with respect to managing current compliance burdens, the growth in utilization of cryptocurrencies has placed even greater responsibility on financial and virtual asset service providers (VASPs) to both identify and mitigate financial crime risks. As cryptocurrency exchanges generally allow for those behind transactions to remain under cover, the illicit financial flows of ransomware groups and their support networks have multiplied while prosecution rates for activity of this nature have largely declined. Attackers also generally will send their funds through crypto-asset mixing services (i.e. crypto “blenders”) and other obfuscating technology aimed at further breaking the funds’ trail on the blockchain and thus limiting their chances of detection.
One of the topics that the FATF report focused most heavily on was “ransomware gangs” that have grown in prevalence and notoriety since the beginning of the Covid-19 pandemic. These cybercriminal collectives launch attacks using a method called “Big Game Hunting” in which they mount attacks against lucrative, high-grossing entities such hospitals, government offices, energy companies, and other important units of infrastructure in an attempt to collect the biggest possible payouts. Raising awareness about these gangs and their more favorable targets is a primary focus of FATF, efforts that have already seen success domestically over the last year with the mitigation of state-sponsored hacking efforts on behalf of both North Korea and Russia, respectively. These efforts have come as part of the United States growing anti-hacking offensive that began just weeks after the Biden Administration officially declared ransomware as a top national security threat in mid-2022. This new approach has also seen a shift towards more proactive ventures and a gross reduction in the levying of criminal charges against foreign hackers after their crimes have already been committed. Over the last several years, the U.S. government has found it increasingly difficult to ultimately enforce these charges and extradite bad actors from various international jurisdictions – let alone individuals/groups operating on behalf of foreign governments.
The FATF believes that increasing awareness of common practices utilized by cybercriminal organizations will ultimately be a boon to financial institutions and law enforcement bodies across the globe in improving their risk mitigation strategies. The agency has also challenged authorities and the involved firms to expand their cooperation to include cryber-security and data protection agencies to better identify patterns of activity that will expose these ransomware gangs in the future. The FATF has also placed a premium on the proper authorities developing the skills and tools necessary to quickly collect key information, trace the nearly instantaneous financial transactions and recover virtual assets before they dissipate2 – a practice which will be much more of a challenge than simply increasing vigilance.
In order to stay ahead of the curb and avoid falling victim to ransomware attacks, the FATF lists several practical examples of actions that entire regions can take to improve their ability to counter illicit financial flows related to ransomware, while also serving as best practice for limiting financial crime in general. These include:
- Implementing relevant FATF Standards, including on VASPs, and enhance detection.
- Promoting financial investigations and asset recovery efforts
- Adopting a multi-disciplinary approach to tackle ransomware
- Supporting partnerships with the private sector
- Improving international cooperation2
The executive summary of the FATF’s groundbreaking report can be found in its entirety here.
- Carlisle, David. “Ransomware & Crypto: The Growing Compliance Challenge.” Reuters, Thomson Reuters, 1 May 2023.
- “FATF Report – Countering Ransomware Financing.” The Financial Action Task Force, Mar. 2023.