1 minute read
Ransomware ups game as cyber criminals hone skills
CONTINUED FROM PAGE 1 information exchange with foreign jurisdictions may provide information on funds layered through domestic exchanges linked to foreign attacks/victims
Financial investigations
● Competent authorities should use both traditional law enforcement techniques (such as surveillance interception of communication and undercover operations) and virtual asset-specific methods when investigating ransomware-related money laundering Since most virtual assets operate on a public blockchain by combining blockchain analysis with traditional methods it may help identify criminals and trace the movement of illicit proceeds; and as soon as competent authorities are informed about the ransomware attack and the ransom payment, they must be given the legislative powers to act swiftly in tracing the ransom payment and to seize and confiscate assets within a matter of hours in order to prevent dissipation of the ransom that was paid
Skills and expertise
● In addition to traditional law enforcement skills, competent authorities should have the specialised skills and expertise, both legal and technological, necessary for a successful financial investigation which relates to ransomware;
● This includes develop- ment, access and training relating to blockchain analytics and monitoring tools which will assist them to access and to interpret information; and
● Specialised mechanisms should be implemented in order to manage seized virtual assets properly National policies and co-ordination
● National risk assessments should include identifying and assessing the money laundering risks posed by ransomware This may support national cyber strategies by achieving a holistic national overview of ransomware risk;
● Jurisdictions where money laundering is not currently a domestic threat must also adopt this because those jurisdictions may still be exposed to the illicit movements of ransomware proceeds due to the decentralised nature of virtual assets;
● Jurisdictions should develop co-ordination mechanisms across relevant competent authorities, ranging
COMPETENT AUTHORITIES
SHOULD USE BOTH TRADITIONAL LAW ENFORCEMENT TECHNIQUES AND VIRTUAL ASSETSPECIFIC METHODS from law enforcement, AML/CFT and cyber-crime authorities, to nontraditional partners such as cyber-security or data protection agencies This facilitates information and intelligence sharing and provides a platform for cross-sharing of various technical expertise; and
● There must be an implementation of mechanisms that support public-private co-operation VASPs and other non-traditional partners should be included in such co-operation mechanisms
International co-operation
● Jurisdictions should establish and actively participate in bilateral, regional, and multilateral mechanisms, such as using liaison offices and establishing clear 24/7 con- tact points, to facilitate rapid international co-operation and information exchange
The FATF report contains crucial information about the financial flow of ransomware payments and associated money laundering These illicit transactions move quickly across multiple jurisdictions, making them challenging to investigate
By sharing good practices, the FATF aims to help jurisdictions respond promptly to ransomware attacks, thus increasing the success rate of investigations
The report highlights the need for a co-ordinated approach to counter ransomware payments and related money laundering effectively
