On June 29, 2021, the New York ACAMS Chapter hosted a virtual event titled Ransomware and Its Impact on Financial Crime. The event was moderated by Howard Spieler (ACAMS Chapter Co-Chair) and included the following panelists: Dainia Jabaji (Attorney, Winston & Strawn LLP); Hiral Mehta (Deputy Chief, International Narcotics & Money Laundering, Bank Integrity Task Force, Criminal Division, U.S. Attorney’s Office, Eastern District of New York); Gregory Schwarz (Associate Director, Guidehouse); and Jesse Spiro, Global Head of Policy, Chainalysis, Inc.
Materials from the event can be accessed here.
The event opened with discussion regarding the increase in ransomware. Blockchain analysis (specifically, a study conducted by Chainalysis) shows that the total amount paid by ransomware victims increased by 311% in 2020 to reach nearly $350 million worth of cryptocurrency. 2020’s ransomware increase was driven by a number of new strains taking in large sums from victims, as well as a few pre-existing strains drastically increasing earnings. No other category of cryptocurrency-based crime had a higher growth rate.
Panelists then discussed best practices for preventing a ransomware attack, which includes implementing multi-factor verification and using unique passwords for different applications and websites. Corporations are advised to run vulnerability scanning systems for cybersecurity awareness and have an offline encrypted data back-up. Panelists discussed the AML implications surrounding a growing industry of intermediaries such as digital forensics and incident response (DFIR) companies and cyber insurance companies (CICs), that are helping managing ransomware attacks, including negotiating the ransom and facilitating the sending of funds.
Financial Crime Compliance professionals should also be alert to ransom risks due to AML and Sanctions implications, and are recommended to review advisories issued by FinCEN and OFAC on October 1, 2020. FinCEN included ten red flag indicators of ransomware and associated payments in its advisory. OFAC notes that victims should be aware that attacks may be carried out by sanctioned parties or jurisdictions, and that making a ransom payment could violate OFAC sanctions. The nexus to a sanctioned entity may not be apparent at first but could be uncovered later through investigation.
· General position of the US Government is not to pay a ransom.
· Companies should engage law enforcement as early as possible – consider the local field offices of the FBI or Secret Service.
· Companies should have good “cyber-hygiene”. For example, employees should not use the same passwords for work as they do for personal applications, and companies should use multi-layer authentication for remote work log-ins.
· Companies (and banks that facilitate such payments) should be aware of legal and reputational risks connected with paying or facilitating a ransom payment.