Advisory highlights latest ransomware schemes

(Nov. 12, 2021) The growing use of anonymity-enhanced cryptocurrencies (AECs) in ransomware schemes and the ways that perpetrators launder ransomware proceeds are detailed in an updated advisory issued this week by Treasury’s financial crimes enforcement unit.

The updated “Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments” from the Financial Crimes Enforcement Network (FinCEN) reflects information from the agency’s Oct. 15 Financial Trend Analysis Report. The advisory, part of Treasury’s effort to combat ransomware, addresses the role of financial intermediaries in ransomware schemes, trends and typologies of ransomware and associated payments, recent examples of ransomware attacks, and financial “red flag” indicators of such activity.

Noted “trends and typologies,” according to the advisory, include: extortion schemes; the proliferating use of anonymity-enhanced cryptocurrencies (AECs); use of unregistered convertible virtual currency (CVC) “mixing” services (mixing is a mechanism used to launder ransomware proceeds, FinCEN notes); cashing out through foreign CVC exchanges; collaboration and partnerships among ransomware criminals; and more.

A description of 12 financial red-flag indicators of ransomware-related illicit activity is included to assist financial institutions in detecting, preventing, and reporting suspicious transactions associated with ransomware attacks. “As no single financial red flag indicator is indicative of illicit or suspicious activity, financial institutions should consider the relevant facts and circumstances of each transaction, in keeping with their risk-based approach to compliance,” FinCEN said. (See the complete report, linked below, for all 12 red flags.)


FinCEN advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments