PART I.
More and more the news articles are extolling the depressing, disappointing and no longer totally surprising cyberattacks with the inevitable demand for a ransom…a staggering ransom with no guarantees that once paid your internet data would even be returned from deep dark space.
These cybercrimes are multiplying at a mind-blowing speed and multiplying exponentially to the point that the U.S. Government has become involved with the creation of the special Advisory on Ransomware for investigating cybercriminals to use the financial systems to facilitate ransom payments and then to create a method to detect and report ransomware payment to holding ransomware attackers accountable for their crimes and, hopefully, preventing the laundering of the ill-gotten proceeds.
Most recently ransomware attacks are increasing against critical U.S. infrastructure, such as the May 2021 ransomware attack that disrupted the operations of Colonial Pipeline, the largest pipeline system for refined oil products in the United States. This attack led to widespread gasoline shortages that affected tens of millions of Americans. Other recent targets include entities in the manufacturing, legal services, insurance, financial services, health care, energy, and food production sectors.
Department of the Treasury’s broader efforts to combat ransomware and Advisory will be sharing their information with:
Chief Executive Officers
Chief Operating Officers
Chief Compliance Officers
Chief Risk Officers
AML/BSA Departments
Legal Departments
Cyber and Security Departments
Customer Service Agents, and
Bank Tellers
Suspicious Activity Reporting, SAR, Filing Request are divided into categories to help determine if ransomware is involved such as typologies of ransomware and associated payments, including the growing proliferation of anonymity-enhanced cryptocurrencies (AECs) and decentralized mixers and use of cryptocurrency as a payment method by bad actors to facilitate ransom and blackmail. SAR is also used to understand ransomware’s malicious software (“malware”) designed to block access to a computer system or data, often by encrypting data or programs on information technology (IT) systems to extort ransom payments from victims in exchange for decrypting the information and restoring victims’ access to systems or data. It is not unheard of for the bad actors encrypting information, then threaten to publish sensitive files belonging to the victims, which can be individuals or business entities, including financial institutions. The consequences of a ransomware attack can be severe and far-reaching—with losses of sensitive, proprietary, and critical information and/or loss of business functionality.