If You See Something, Say Something: FinCEN Updates Advisory on Managing Ransomware Attacks

In a few short weeks, the global loss owing to cybercrime is expected to surpass $6 trillion.* Therefore, in an effort to protect financial institutions and consumers from further loss, agencies including the United States Securities and Exchange Commission (A Cybersecurity Wake Up Call: SEC Sanctions Eight Firms for Cybersecurity Deficiencies) and the United States Department of the Treasury Financial Crimes Enforcement Network (“FinCEN”) are prioritizing cybersecurity enforcement actions and offering guidance on how to detect and report suspicious ransomware attacks (Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments) (the “Advisory”), respectively.

The frightening factual predicate for the Advisory involves a marked increase in both cybercriminal activity and the sophistication of ransomware methods used by criminals who have successfully attacked critical U.S. infrastructure. In its effort to educate financial institutions about identifying cyberattacks, the Advisory offers 12 financial “red-flag indicators” including: (i) detecting IT enterprise activity (i.e., malicious cyber activity), which is connected to ransomware cyber indicators (e.g., suspicious registry or system file changes); (ii) awareness that a payment is in response to a ransomware incident; (iii) a customer’s convertible virtual currency (“CVC”) address connected to ransomware related activity; (iv) an irregular transaction between an entity in a high risk sector (e.g., government, financial, healthcare), and cyber insurance companies (“CIC”); (v) receipt of funds by a CIC or incident response company that sends the equivalent value to a CVC exchange; (vi) a consumer who shows limited knowledge of CVC, yet requests information or purchases CVC; (vii) a large CVC transaction sent by a consumer with limited history of CVC transactions; (viii) a consumer who has not registered with FinCEN as a money transmitter, but who appears to be executing offsetting transactions between various CVCs; (ix) a consumer using a foreign-located CVC exchanger in a high-risk jurisdiction; (x) a consumer receiving CVC from an external wallet and immediately initiating multiple trades with no apparent related purpose; (xi) a consumer initiating a transfer of funds through a “mixing service” (i.e., a mechanism used to launder ransomware payments); and (xii) a consumer using an encrypted network to communicate with the recipient of a CVC transaction.

Additionally, the Advisory provides updated guidance relevant to a financial institution’s obligation to file suspicious activity reports (“SARs”). For example, the Advisory updates an October 2020 advisory to include an obligation to identify and immediately report any suspicious transactions associated with ransomware attacks. The importance of complying promptly with this new reporting obligation cannot be overstated because, according to FinCEN, ransomware attacks are serious and evolving and “require immediate attention.” Similarly, information sharing among financial institutions about attacks, attempted attacks, and vulnerabilities is invaluable for preventing future attacks. And financial institutions need not worry that such information sharing would run afoul of confidentiality requirements, as Section 314(b) of the USA Patriot Act explicitly permits financial institutions, upon notice to the Department of the Treasury, to share information with one another in order to identify and report suspicious activities.

Conclusion

As the Advisory suggests, financial institutions must take an active role in detecting and reporting ransomware attacks if we are going to thwart further ransomware attacks. A prudent first step for financial institutions is to update cybersecurity policies to include these “red-flag indicators” and require personnel to immediately file SARs, especially those associated with ransomware attacks. And so, as noted by the Advisory, “[p]roactive prevention through effective cyber hygiene, cybersecurity controls, and business continuity resiliency is … the best defense against ransomware.”

* Cybercrime to Top $6 Trillion in 2021, According to Cybersecurity Ventures

** The Advisory notes a 42 percent increase in cyber-crime compared to 2020 and observes the new and increasingly savvy methods include (i) extortion schemes; (ii) anonymity-enhanced cryptocurrencies (e.g., Bitcoin); (iii) unregistered convertible virtual currency (“CVC”) “mixing” services (i.e., a mechanism used to launder ransomware payments); and (iv) the use of “fileless” ransomware, which embeds malicious code directly into a computer’s memory, permitting cybercriminals to circumvent antivirus and malware defenses.

*** Because financial institutions are involved with processing ransom payments to cybercriminals, the institutions themselves are becoming increasingly vulnerable to attacks.

**** During the November 8, 2021 arrest of two cybercriminals for a series of ransomware attacks on Kaseya, a multi-national information technology software company, Deputy Attorney General Lisa Monaco stated that the FBI was able to identify the two cybercriminals because Kaseya acted “almost immediately after [it] was hit” by the ransomware attacks (Attorney General Merrick B. Garland, Deputy Attorney General Lisa O. Monaco and FBI Director Christopher Wray Deliver Remarks on Sodinokibi/REvil Ransomware Arrest).

Thank you to second year associate, James Maguire in the Firm’s Uniondale office, for his research assistance related to today’s blog.

 
