Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an “escalating global security threat with serious economic and security consequences.”
“From malign operations against local health providers that endanger patient care, to those directed at businesses that limit their ability to provide fuel, groceries, or other goods to the public, ransomware poses a significant risk to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity,” officials said in a statement released last week.
To that end, efforts are expected to be made to enhance network resilience by adopting cyber hygiene good practices, such as using strong passwords, securing accounts with multi-factor authentication, maintaining periodic offline data backups, keeping software up-to-date, and offering training to prevent clicking suspicious links or opening untrusted documents.
Besides promoting incident information sharing between ransomware victims and relevant law enforcement and cyber emergency response teams (CERTs), the initiative aims to improve mechanisms put in place to effectively respond to such attacks, while also countering the abuse of financial infrastructure to launder ransom payments.
The joint bulletin was issued by Ministers and Representatives of Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, the U.A.E, the U.K., and the U.S. Notably absent from the list were China and Russia.
The international counter-ransomware collaboration comes as illicit payments topped nearly $500 million globally in the last two years alone — $400 million in 2020 and $81 million in the first quarter of 2021 — necessitating the payment flows that make the activities profitable are subject to anti-money laundering regulations and the networks that facilitate these payments are held accountable.
In late September 2021, the U.S. Treasury Department imposed sanctions on Russian cryptocurrency exchange Suex for helping threat actors launder transactions from at least eight ransomware variants, marking the first instance of such an action against a virtual currency exchange. “Treasury will continue to disrupt and hold accountable these ransomware actors and their money laundering networks to reduce the incentive for cybercriminals to continue to conduct these attacks,” the U.S. government said.
The development also comes following an independent report published by the department’s Financial Crimes Enforcement Network (FinCEN) on Friday, which potentially tied roughly $5.2 billion worth of outgoing Bitcoin transactions to 10 most commonly reported ransomware variants, in addition to identifying 177 unique wallet addresses used for ransomware-related payments based on an analysis of 2,184 suspicious activity reports (SARs) filed between January 1, 2011, and June 30, 2021.
In the first half of 2021 alone, ransomware-based financial activity is estimated to have extracted at least $590 million for the threat actors, with the mean average total monthly suspicious amount of ransomware transactions pegged at $66.4 million. The most commonly reported variants were REvil (aka Sodinokibi), Conti, DarkSide, Avaddon, and Phobos.
“Financial institutions play an important role in protecting the U.S. financial system from ransomware- related threats through compliance with BSA obligations,” the report noted. “Financial institutions should determine if a SAR filing is required or appropriate when dealing with a ransomware incident, including ransomware- related payments made by financial institutions that are victims of ransomware.”