FATF publishes recommendations on fighting ransomware-related money laundering

Ransomware is an increasingly common cyber threat due to its highly lucrative nature. This had led to the Financial Action Task Force (FATF) publishing a list of recommendations in order to fight this type of financial cybercrime.

The way a ransomware attack occurs, is when an attacker gains access to a victim’s device, which allows them to establish control and insert malicious software capable of encrypting files. The attacker is also capable of taking copies of the data.

When the malicious software activates, it can lock the device, and encrypt all sensitive data, making it impossible to access. By the time the victim notices what has happened, they receive a digital message through the locked device from the criminals, explaining what they want in exchange to returning access to the victim’s device in exchange for not leaking the data they have copied.

Usually, criminals who engage in ransomware demand payment in cryptocurrency, to ensure there are no traces linking to them. Nefariously, they can also decide not to return access to the device even when they receive payment.

A survey conducted by cybersecurity experts in 2021 indicated that out of 820 businesses, 21 per cent had fallen victim to a ransomware attack.

A memorable incident happened that year in Malta when the Nationalist Party fell victim to a ransomware cyber attack, which led to hackers threatening to leak valuable documents unless the party agreed to ‘communicate and cooperate’.

According to Acronis, a Swiss-based cybersecurity firm, damages from global ransomware attacks are expected to exceed $30 billion (€27.8 billion) by the end of 2023. The banking and finance sector are considered the most at-risk sector to ransomware attacks.

In its report, the FATF states that attacks have become increasingly sophisticated, which increases their profitability and the likelihood of success. It also notes that ransomware attacks are generally underreported, due to their negative impact on a business or due to fear of retaliation by the hackers.

The lack of reporting, the FATF notes, partly explains the lack of experience in investigating money laundering related to ransomware, so it urged jurisdictions to increase and enhance sources of detection and reporting. In so doing, they would be more capable of developing the necessary tools and skills to effectively trace and recover virtual assets.

Ransomware criminals utilise the international nature of virtual assets such as bitcoin to facilitate large-scale rapid transactions, which can be done without the involvement of traditional financial institutions which do have anti-money laundering and counter-terrorist financing (AML/CFT) programs in place.

They also complicate matters further by using anonymity-enhancing technologies, techniques and tokens in the laundering process, such as anonymity-enhanced cryptocurrencies and mixers, according to the FATF.

To strengthen the global response against ransomware and related money laundering, the FATF proposed a list of actions.

One of the proposed actions was to implement relevant FATF standards, including those on the virtual asset service provider (VASP) sector to weaken the criminals’ ability to use financial institutions without AML/CFT rules in place in that jurisdiction.

Another was to promote financial investigations and asset recovery efforts, which would require developing relevant specialised skills and expertise to successfully investigate ransomware cases.

Furthermore, when it came to tackling ransomware, it urged jurisdictions to identify and assess money laundering risks posed by ransomware in their national risk assessment, since criminal groups can operate in a decentralised manner, from any jurisdiction.

It also urged jurisdictions to identify and establish mechanisms to allow public sector cooperation with the private sector, since private sector actors such as VASPs, and other non-traditional partners, may provide useful insights and expertise that the public sector does not have.

Lastly, the FATF urged for the improvement of international cooperation, which would include the effective use of bilateral, regional and multilateral mechanisms, such as liaison offices and 24/7 contact points, to improve cross-border fund tracing and facilitate asset recovery. In so doing it could enable authorities to engage in dismantling transnational networks engaged in ransomware and money laundering.

The Government of Malta has demonstrated commitment to addressing shortcomings in the country’s cybersecurity infrastructure. In 2021, the Government announced the establishment of a national cybersecurity centre, and earlier this year it announced a couple of schemes to support the cybersecurity efforts of businesses.