FinCEN Warns Russian Ransomware Attacks May Increase


The US Financial Crimes Enforcement Network (FinCEN) issued an alert, warning about the potential for increased ransomware attacks originating from Russian actors.

FinCEN believes this may be part of a larger attempt on the part of Russia to circumvent sanctions imposed by the West at large and by the United States in particular as a response to the Russian military invasion of Ukraine.

FinCEN calls for raised alertness

The alert is intended to serve as a warning to all US-based institutions, especially financial institutions, to be extra careful when it comes to attempts by Russian entities to "circumvent" the imposed sanctions. The alert focuses on the use of digital currencies and, specifically, any possible ransomware payouts carried out using crypto, following attacks by Russian digital threat actors and "oligarchs".

There are no current reports of meaningful instances of evasion of imposed sanctions; however, FinCEN warns that every instance of suspicious activity, no matter how minor it may be, needs to be reported immediately and examined in detail.

There has already been a visible uptick in the activity of Russian and Belarusian hacker groups, with attacks targeting Ukrainian entities, as reported by Google's Threat Analysis Group a few days ago.

Worries over crypto – justified or not?

Authorities worry about payments being carried out in crypto because, unlike traditional payments, crypto is much more loosely regulated both in the US and worldwide.

While the alert was issued highlighting the possibility of moving sums between the two countries using cryptocurrency, other analysts have been more skeptical about this ever happening on a "meaningful scale".

While there is a notion that crypto transactions are completely untraceable, Threatpost quoted Rosa Smothers, a former CIA threat analyst, who brought up the case of the Colonial Pipeline ransomware attack of early 2021. In this instance, millions of dollars in crypto were seized and later returned to Colonial.

March 10, 2022