With increased scrutiny from a litany of regulators, cryptocurrency exchanges and financial institutions are now required to monitor, flag and report suspected ransomware payments. Doing so calls for a range of technological capabilities and a sophisticated approach to identifying suspicious patterns in transactions. But compliance teams and the businesses that employ them face stiff consequences if they fail.
As ransomware attacks become increasingly common and threatening, the U.S. government has signaled its determination to prevent them. One of the government’s strategies is to prevent ransoms from being paid to sanctioned actors—and to generate both financial and cyber threat intelligence—through the filing of cyber-related suspicious activity reports (cyber SARs). In particular, the U.S. Department of the Treasury has focused on the role of cryptocurrency or virtual currency exchanges, issuing multiple advisories encouraging exchanges to incorporate ransomware-related risks into their anti-money laundering programs.
Broadly, ransomware is a type of malware that uses encryption to prevent access to a computer system or specific data. Until the ransom is paid, the threat actor holds the system or information hostage, often to devastating operational effect. Ransomware victims span…
