FinCEN issues updated guidance on ransomware

The Financial Crimes Enforcement Network (FinCEN), part of the U.S. Department of the Treasury, has released an updated version of recommendations aimed at countering ransomware.

The agency noted that in most ransomware attacks criminals demand payment in cryptocurrency. The document uses the term “convertible virtual currency.”

FinCEN said that more often, criminals demand ransom in Bitcoin and privacy-focused cryptocurrencies such as Monero. According to the agency, attackers are even willing to lower the ransom if the victim pays using such currencies.

Hackers often use mixing services to “obscure” traces, and cash out through exchanges registered in jurisdictions with lax compliance and regulatory oversight, the document says.

Among the main trends FinCEN highlighted are an uptick in double-extortion attacks, targeting entities connected to the initial victim (for example, partners or customers), and the “ransomware as a service” (RaaS) model.

The agency also listed indicators by which professionals can identify transactions related to ransomware. Among them are links between addresses and previously identified hackers, large cryptocurrency transfers from clients with little or no transaction history, use of high-risk exchanges, and more.

FinCEN emphasised the importance of detecting and reporting any suspicious transactions related to ransomware attacks by financial institutions, including cryptocurrency exchanges.

Earlier, FinCEN said that in the first six months of 2021, exchanges and other organisations sent more than 635 Suspicious Activity Reports related to ransom payments to ransomware operators. The reports contained information on transactions totalling $590 million.

Follow ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, prices and analysis.