
As the United States and its companies distance themselves from Russia in the wake of its invasion of Ukraine, the Treasury says Russia may be attempting to evade the sanctions by using ransomware payments. A statement from the Financial Crimes Enforcement Network (FinCEN) says that an alert has been issued urging financial institutions to be vigilant in preventing Russia from evading the restrictions the U.S. has placed on the Eastern European country.

“In the face of mounting economic pressure on Russia, it is vitally important for U.S. financial institutions to be vigilant about potential Russian sanctions evasion, including by both state actors and oligarchs,” said Him Das, FinCEN’s acting director. “Although we have not seen widespread evasion of our sanctions using methods such as cryptocurrency, prompt reporting of suspicious activity contributes to our national security and our efforts to support Ukraine and its people.”


Red flags for financial institutions

FinCEN has warned that, despite the pressure the U.S. government has placed on Russia and Belarus over the invasion, unsanctioned banks and financial institutions from these countries may still have access to the international financial markets. By using convertible virtual currency (CVC), which remains unregulated, Russia and Belarus may attempt to complete transactions from CVC wallets. The federal agency also reiterated that financial institutions should report any suspicious activity that may be coming from these two countries.

In a separate document issued by FinCEN on March 7, the governmental body laid out several red flags that financial institutions should be aware of when looking for sanctions evasion, such as:

  • Attempts to break the “chain of custody” on CVC by initiating a number of quick trades across several types of digital coins, “with no apparent related purpose, followed by a transaction off the platform.”
  • A customer initiating a transfer of funds involving a CVC “mixing service”, or the attempt to mix potentially identifiable or tainted cryptocurrency funds with others, so as to obscure the trail back to the fund’s original source.
  • A customer having either direct or indirect receiving transaction exposure identified by blockchain tracing software as related to ransomware.

One cryptocurrency exchange, Coinbase, has already announced they will be honoring the sanctions placed on Russia by blocking sanctioned actors, being on the lookout for attempts at evasion of restrictions and attempting to anticipate threats coming from Russia or Belarus. Coinbase said in its blog post that “ordinary fiat currency laundered through traditional financial institutions remains one of the most common mechanisms for sanctions evasion and money laundering.”


Attempt at crypto regulation

On March 9, President Joe Biden signed an executive order in an attempt to regulate the cryptocurrency industry, directing federal agencies to measure the risks involved with crypto and to consider whether to create an American digital currency. Due to the current lack of regulation, the CVC earned through Russian-sponsored ransomware attacks is difficult to trace, and its movement is hard to follow.

“Cryptocurrency is only useful when there is a point of sale – the average Russian grocery store or petrol station is not accepting virtual currency, but for the tech savvy or oligarch with a need to move money, they can hire the talent to move the transactions,” said Rosa Smothers, SVP of Cyber Operations at KnowBe4. “While cryptocurrency does provide privacy for storage and process transactions, the transparency provided by blockchain could make the movement of large amounts of cryptocurrency detectable by law enforcement – recall the Department of Justice’s seizure of millions of dollars in Bitcoin that Colonial Pipeline paid to ransomware attackers.”

The FBI has urged users affected by ransomware not to make any payments and to report any suspicious activity to their local field office, as making a payment is no guarantee that the affected device or data will be returned to the user. Ensuring that good antivirus software is available on devices such as PCs is crucial, according to the law enforcement agency, along with securing backups of data and making sure to back up data on a regular basis.
