Released on March 14 by the Financial Action Task Force (FATF), the Report on countering ransomware financing “analyzes the methods that criminals use to carry out their ransomware attacks and how payments are made and laundered”.
Common methods & trends include:
Big game hunting: criminals target high-profile organisations or entities that are more likely to pay a ransom in order to resume business operations or avoid public scrutiny.
RaaS: in this case, criminals provide ransomware software kits on the Dark Web or outsource elements of ransomware attacks (distribution of malware, exfiltration of data…).
Double-Extortion: ransomware operators exfiltrate the victim’s data before encrypting it and then threaten to publish the stolen data if the victim does not pay a ransom.
Triple-Extortion: ransomware operators seek money not only from the victim first targeted but also from a victim who might have been impacted by the disclosure of the first victim.
Multiple-Extortion: involves more than two extortion methods. It is based on double-extortion using encryption and exfiltration but includes additional pressure tactics (e.g. distributed denial of service, or DDoS).
FATF proposed actions to counter ransomware attacks
The Report proposes a number of actions that can be taken to tackle ransomware and related laundering, more specifically:
Implement the relevant FATF Standards and enhance detection. This includes the FATF Standards on virtual asset service providers or VASPs (read our previous article here). Detection of ransomware attacks should also be accompanied by timely reporting of suspicious transactions as well as voluntary reporting of incidents by affected parties/victims.
Promote financial investigations and asset recovery reports. The Report recommends that competent authorities use and adapt traditional law enforcement techniques as well as virtual asset-specific techniques to conduct such investigations.
Adopt a multidisciplinary approach to tackle ransomware. This covers the identification and assessment of money laundering risks related to ransomware, and coordination mechanisms across relevant competent authorities (law enforcement, AML/CFT, cyber-crime authorities and non-traditional partners such as cybersecurity or data protection agencies).
Support partnerships with the private sector. Mechanisms that support partnership between the public and private sector with the inclusion of VASPs and other non-traditional partners.
Improve international cooperation, through bilateral, regional and multilateral mechanisms (e.g. using liaison offices and establishing clear 24/7 contact points).
The FATF Report Countering Ransomware Financing: Potential Risk Indicators, issued on the same date, should be read together with the FATF Report Countering Ransomware Financing.