FinCEN warns on ransomware transactions

FinCEN, the financial intelligence unit (FIU) of the USA, recently conducted a virtual FinCEN Exchange with the aim of identifying, analysing and reporting on the evolving concerns regarding ransomware. Ransomware is malicious software designed to infect a computer system and encrypt its data and files. The attacker then demands a ransom from the victims, ranging from a few hundred dollars to several thousand dollars. In most cases, the victims were not given access to their data (i.e. the decryption key) even after paying the ransom.

Ransomware attackers steal not only the information of government agencies and corporate entities but also that of individuals. The perpetrators threaten to publish sensitive and confidential files belonging to the victims. Ransomware attacks are a huge menace to the entire financial system, and the virtual meeting also addressed the role of some financial institutions in processing the ransom payments. The FinCEN Exchange, a voluntary public-private partnership, dealt with the trends and typologies of the attackers, the associated payments, ransomware-specific red flag indicators and the ways to recover victims’ funds.

Ransomware attackers have started to conduct their business in a more organised way, forming partnerships to plan and to share information on a common platform. The recent trend in ransomware operations is the “double extortion scheme”, in which the perpetrators exfiltrate personal or commercial information from the victim’s network, encrypt the files and then demand a ransom. If the victim does not pay, they threaten to publish or sell the stolen data.

The ultimate objective of FinCEN is to protect the US financial system from money laundering, terrorist financing and other such financial crimes. FinCEN further advises financial institutions to file a Suspicious Activity Report (SAR) on suspicious transactions or activities related to ransomware. The SAR must include, but is not limited to, cyber indicators such as relevant IP (internet protocol) addresses, email addresses, login information, malware hashes and a narrative of other electronic communications.


Author: Rajashree, MBA, CAMI

(PonSun AML Academy)