A Surging Global Threat
According to FATF Report in March 2023, ransomware incidents have grown significantly in recent years, both in number and scale. Additionally, the landscape of ransomware attacks has evolved, and attackers have adopted new techniques to increase the profitability of their endeavours and enhance the likelihood of successful attacks. These have led to a global concern on how to prevent and combat the threat.
Ransomware is a type of malicious software that poses a significant threat to individuals, businesses, and institutions. The primary objective of ransomware attacks is to block access to a computer system or data, typically by encrypting the files or programs on IT systems. The attackers then demand a ransom payment from the victims in exchange for decrypting the information and restoring access to their systems or data.
Processing ransomware payments involves several steps and often includes multiple entities, with criminals demanding payments in virtual assets. Here’s a breakdown of the typical multi-step process:
Tech Evolutions facilitating Ransomware
The rapid evolution of cutting-edge technologies has indeed played a role in enabling cybercriminals to commit ransomware crimes more efficiently. RaaS (Ransomware-as-a-Service) platforms provide cybercriminals with easy access to ransomware tools and infrastructure. This lowers the barrier to entry for less technically skilled individuals, enabling them to launch ransomware attacks with minimal effort. The dark web also provides a hidden environment where cybercriminals can communicate, collaborate, and exchange tools and services anonymously. This facilitates the buying and selling of ransomware, hacking tools, and stolen data. As said before, cryptocurrencies allow criminals to receive ransom payments anonymously. The decentralized nature of cryptocurrencies makes it challenging for law enforcement to trace and identify the recipients of ransom funds. Attackers increasingly engage in targeted attacks rather than random campaigns. They leverage machine learning and artificial intelligence to automate identifying potential targets for their attacks.
Global Efforts to Combat Ransomware
The good news is despite lack of dedicated laws, explicitly addressing ransomware, in many jurisdictions, they often treat such attacks as a predicate offense under existing criminal statutes. This approach allows law enforcement agencies to pursue and prosecute cybercriminals engaged in ransomware activities. FATF has provided a guidance on risk indicators that can help financial institutions and VASPs to identify detect and combat ransomware financing attempts. The G7 also, has been active in addressing the ransomware threat and recognized the severity of the issue and has provided financial entities with high-level building blocks to guide them in addressing the ransomware threat. However victim reporting could be a source which enables authorities to step forward in time. In most jurisdictions, incident reporting is voluntary but victims may not have incentives to voluntarily report incidents due to post-ransom payment and lack of legal protections. For instance, paying a ransom to entities or individuals subject to sanctions can lead to legal consequences.
In conclusion, the threat of ransomware presents a complex challenge that transcends borders and disciplines. Effectively countering this threat demands a coordinated and multifaceted approach. By fostering partnerships at the local, national, and international levels, jurisdictions can strengthen their collective defences. The escalating sophistication of ransomware, fuelled by technological advancements, highlights the need for a harmonized and structured framework to not only mitigate the immediate impact of ransomware but also to cultivate a resilient cybersecurity ecosystem for the future.
 Financial Action Task Force (FATF), “Countering Ransomware Financing,” FATF, Paris, 2023
 Financial Action Task Force (FATF), “Countering Ransomware Financing: Potential Risk Indicators,” FATF, Paris, 2023
 F. C. E. N. (FinCEN), “Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments,” FinCEN, Washington, D.C., 2022
 G7, “G7 Fundamental Elements of Ransomware Resilience for The Financial Sector,” G7, 2022