White House Convenes Ransomware Summit as Reported Incidents Soar By Over 50%

From October 31 to November 1, 2022, the International Counter Ransomware Initiative (CRI) launched its second summit meeting to discuss the prevention of large-scale cyber attacks and money laundering via digital currencies. Present at the summit were representatives from 36 CRI partner countries, including the US, the UK, Singapore, Australia, and Brazil.

In June 2021, the Financial Crimes Enforcement Network (FinCEN) highlighted its concern about ransomware attacks in its first US government-wide list of national priorities for anti-money laundering and counter-terrorism financing (AML/CFT). Launched in October 2021, the CRI was part of President Biden’s plan to act on this priority and safeguard digital networks worldwide. 

The Counter Ransomware Initiative (CRI)

Through 2022 the CRI has focused on increasing the resilience of all CRI partners, disrupting cyber criminals, countering illicit finance, building private sector partnerships, and cooperating globally to address the challenge. In 2023, the CRI plans to continue this work by taking the following actions:

• Establish an International Counter Ransomware Task Force (ICRTF)
• Create a fusion cell at the Regional Cyber Defense Centre (RCDC)
• Deliver an investigator’s toolkit
• Institute active and enduring private-sector engagement
• Publish joint advisories outlining tactics, techniques, and procedures for key identified actors
• Coordinate priority targets through a single framework
• Develop a capacity-building tool
• Undertake biannual counter-ransomware exercises

Following the summit, the CRI partners issued a joint statement reaffirming their commitment to disrupting ransomware attacks and protecting their citizens from cybercriminals. To meet these goals, the partners listed their intention to:

• Hold ransomware actors accountable and not provide them with a safe haven
• Combat ransomware actors’ ability to profit from illicit proceeds by implementing and enforcing AML/CFT measures, including “know your customer” (KYC) rules, for virtual assets and virtual asset service providers 
• Disrupt and bring to justice ransomware actors and their enablers to the fullest extent permitted under each partner’s applicable laws and relevant authorities
• Collaborate in disrupting ransomware by sharing information to ensure national cyberinfrastructure is not being used in ransomware attacks

Ransomware Trend Analysis

Also on November 1, FinCEN published a Financial Trend Analysis report on ransomware trends in Banking Secrecy Act (BSA) data between July 2021 and December 2021. Pursuant to section 6206 of the Anti-Money Laundering Act of 2020 (AMLA), which requires FinCEN to publish threat patterns and trend information derived from BSA filings, the report highlights that ransomware continues to pose a significant threat to US critical infrastructure sectors, businesses, and the public.

The most notable findings in the report include:

• Reported ransomware-related incidents increased by over 50% from 2020
• Ransomware-related BSA filings in 2021 approached $1.2 billion
• Roughly 75% of the ransomware-related incidents reported to FinCEN during the second half of 2021 pertained to Russia-related ransomware variants

According to the report’s press release, FinCEN Acting Director Himamauli Das said, “[The findings] underscore the importance of BSA filings, which allow us to uncover trends and patterns in support of whole-of-government efforts to prevent and combat ransomware attacks. Financial institutions play a critical role in helping to protect the United States from ransomware-related threats simply by fulfilling their BSA compliance obligations.” 

When filling out suspicious activity reports (SARs) related to ransomware, FinCEN reminds compliance teams to include the key term: “CYBERFIN-2021-A004” and select SAR field 42 (Cyber Event). 

Key Takeaways

To mitigate against the threat of ransomware, firms must boost their cyber defenses and practice good cyber hygiene. Strong cybersecurity controls should be in place alongside business continuity and resiliency plans. Firms should also familiarize themselves with the ransomware trends and typologies identified by FinCEN in its November 2021 advisory, including:

• Use of anonymity-enhanced cryptocurrencies (AECs)
• Extortion schemes
• Unregistered convertible virtual currency (CVC) mixing services
• Ransomware criminals forming partnerships and sharing resources
• Use of “fileless” ransomware

The typologies identified by FinCEN should be built into firms’ controls. Finally, compliance staff should ensure they are aware of the sanctions risks of processing payments on behalf of victims, as highlighted by OFAC in its updated September 2021 advisory.

A Spotlight on Financial Crime

Stay on top of regional trends and novel criminal techniques so you can protect your business from financial crime.

Download Our Free Global Compliance Report