Ransomware Financing

Anti Financial Crime

A Surging Global Threat

According to FATF Report in March 2023, ransomware incidents have grown significantly in recent years, both in number and scale. Additionally, the landscape of ransomware attacks has evolved, and attackers have adopted new techniques to increase the profitability of their endeavours and enhance the likelihood of successful attacks. These have led to a global concern on how to prevent and combat the threat. 

Ransomware is a type of malicious software that poses a significant threat to individuals, businesses, and institutions. The primary objective of ransomware attacks is to block access to a computer system or data, typically by encrypting the files or programs on IT systems. The attackers then demand a ransom payment from the victims in exchange for decrypting the information and restoring access to their systems or data.

Ransomware Process

Processing ransomware payments involves several steps and often includes multiple entities, with criminals demanding payments in virtual assets. Here’s a breakdown of the typical multi-step process: 

  • Malware Attack
    Cybercriminals initiate a ransomware attack, encrypting the victim’s data.
  • Ransom Demand
    Cybercriminals demand a ransom payment in exchange for providing the decryption key or not disclosing sensitive information.
  • Communication and Negotiation
    In some cases, there may be communication between the attackers and the victim to negotiate the ransom amount, payment method, and other details. Negotiation attempts may be facilitated through anonymous communication channels, often using encrypted messaging platforms.
  • Payment Instructions
    The criminals provide detailed instructions on how to make the ransom payment. This typically involves the use of virtual assets, such as cryptocurrencies, to maintain a degree of anonymity.
  • Cryptocurrency Transactions
    Victims, or third parties acting on behalf of victims, procure the required crypto currency using a Virtual Asset Service Provider (VASPs). This may involve purchasing cryptocurrency through an exchange or using existing holdings.
  • Transfer to Criminal Wallet
    The acquired cryptocurrency is then transferred to a wallet controlled by the criminals. Cryptocurrency wallets are digital containers that store the private keys necessary to access and control the funds.
  • Layering
    Once the cryptocurrency is received in the criminal’s wallet, they have control over the funds and start layering and making it hard to trace. Throughout the process, money services businesses (MSBs) may become involved. MSBs are financial entities that offer services such as money transfers, currency exchange, and payment processing. These businesses may play a role in converting fiat currency into cryptocurrency or the other way around and facilitating the movement of funds.
  • Conversion to fiat currency
    Criminal proceedings end in VASPS that convert virtual assets to fiat currency.
  • Deposit/Spend the fund
    Depository institutions are involved in the process while cashing out the cryptocurrencies. These institutions may include banks or other financial entities that handle traditional currency transactions. Criminals deposit, invest or spend their ransomware proceeds.
The author
Leila Hosseingholizadeh Senior AML Consultant
Schedule a meeting with Leila Hosseingholizadeh

Table of Content

Tech Evolutions facilitating Ransomware

The rapid evolution of cutting-edge technologies has indeed played a role in enabling cybercriminals to commit ransomware crimes more efficiently. RaaS (Ransomware-as-a-Service) platforms provide cybercriminals with easy access to ransomware tools and infrastructure. This lowers the barrier to entry for less technically skilled individuals, enabling them to launch ransomware attacks with minimal effort. The dark web also provides a hidden environment where cybercriminals can communicate, collaborate, and exchange tools and services anonymously. This facilitates the buying and selling of ransomware, hacking tools, and stolen data. As said before, cryptocurrencies allow criminals to receive ransom payments anonymously. The decentralized nature of cryptocurrencies makes it challenging for law enforcement to trace and identify the recipients of ransom funds. Attackers increasingly engage in targeted attacks rather than random campaigns. They leverage machine learning and artificial intelligence to automate identifying potential targets for their attacks. 

Global Efforts to Combat Ransomware

The good news is despite lack of dedicated laws, explicitly addressing ransomware, in many jurisdictions, they often treat such attacks as a predicate offense under existing criminal statutes. This approach allows law enforcement agencies to pursue and prosecute cybercriminals engaged in ransomware activities. FATF has provided a guidance on risk indicators that can help financial institutions and VASPs to identify detect and combat ransomware financing attempts. The G7 also, has been active in addressing the ransomware threat and recognized the severity of the issue and has provided financial entities with high-level building blocks to guide them in addressing the ransomware threat. However victim reporting could be a source which enables authorities to step forward in time. In most jurisdictions, incident reporting is voluntary but victims may not have incentives to voluntarily report incidents due to post-ransom payment and lack of legal protections. For instance, paying a ransom to entities or individuals subject to sanctions can lead to legal consequences. 

In conclusion, the threat of ransomware presents a complex challenge that transcends borders and disciplines. Effectively countering this threat demands a coordinated and multifaceted approach. By fostering partnerships at the local, national, and international levels, jurisdictions can strengthen their collective defences. The escalating sophistication of ransomware, fuelled by technological advancements, highlights the need for a harmonized and structured framework to not only mitigate the immediate impact of ransomware but also to cultivate a resilient cybersecurity ecosystem for the future.

Other articles

Detection of money laundering through shell companies

A shell company is a registered legal entity that exists only on paper and has no significant assets or business activities. The shell company pretends to provide real business services in order to conceal illegal funds and its beneficial owner, launder money or avoid tax payments.

Has the EU entered the era of extraterritorial sanctions?

With the recent adoption of the EU’s 13th sanctions package against Russia, we sought insights from our senior legal officers at Wiacon, Negin Ajam and Nasim Zargarinezhad. The EU’s decision to sanction Chinese firms, among others, aims to disrupt the supply chain of vital drone components to Russia, especially given the ongoing conflict in Ukraine.

Grey listed UAE: fair or unfair play!

In recent years, the United Arab Emirates has found itself at the forefront of international scrutiny following being grey listed by Financial Action Task Force (FATF). The UAE is known as a trade hub in the Gulf region and the country has appeared to be determined to uphold its reputation as a business center. In the following paragraphs, we aimed to explore the UAE´s grey listing case from various perspectives.

Shell vs. Shelf Companies

In the TV series 'Blacklist,' Red Reddington – a so called FBI most wanted fugitive who cooperates for hunting down other criminals - advised his contact agent: if you aim to decode the actions of criminals, THINK LIKE A CRIMINAL. This principle also applies to our line of work. To effectively combat crime, we must understand how criminals think and know the loopholes they might exploit. That's why, at WIACON, we make it a priority to stay updated on everything happening in the realm of financial crime.

COP28 in the UAE

Cop 28 is incoming. On November 30, 2023 the United Arab Emirates (UAE) will officially open the global summit on climate change in uncertain times. The war in the Ukraine, the new Palestinian-Israeli conflict and the tensions in the Pacific between the United States and China on Taiwan are shaping the international relations and the entire world.
Sources:

[1] Financial Action Task Force (FATF), “Countering Ransomware Financing,” FATF, Paris, 2023

[2] Financial Action Task Force (FATF), “Countering Ransomware Financing: Potential Risk Indicators,” FATF, Paris, 2023

[3] F. C. E. N. (FinCEN), “Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments,” FinCEN, Washington, D.C., 2022

[4] G7, “G7 Fundamental Elements of Ransomware Resilience for The Financial Sector,” G7, 2022

green matrix background computer generated with crime hand hack for money
Linkedin Youtube