Fighting The Rise in Ransomware Attacks: The Value of Breaking Through Silos

Originally published in Banking Journal.

The shift to remote work has had many positive effects on the lives of many people around the world. Unfortunately, this is also true for the creators of ransomware.

Global ransomware attacks for the first half of 2021 surged 47 percent over 2020, which was already a banner year for these type of attacks. Notably, this trend disproportionately impacted banks, experiencing a 1,318 percent increase in attacks. The FBI and the Cybersecurity and Infrastructure Security Agency expect things to only get worse through the holidays as the seasonal increase in shopping and festive mood create a mix of opportunity and relaxed defenses for bad actors to exploit.

The White House has taken notice, forming a task force earlier in the year with a mandate to develop a national ransomware strategy. Among the proposed measures, perhaps the most aggressive is a plan to disincentivize fraudsters by choking off profits through a ban on all ransomware payments.

While this measure raises understandable concerns for businesses faced with the possible loss of access to critical information and systems, it also demonstrates a significant shift in thinking in the government.

A classic silo problem

Too often, we think to block criminal activity by focusing on the methodologies criminals use. To stop ransomware, we need better cybersecurity practices; to stop illegal fishing, we need better monitoring of fishing vessels; to stop human trafficking, we need more surveillance of people crossing the border.

The current model makes sense on the surface, and we certainly need to continue doing all of these things. But, as things stand, we are missing half of the picture. The techniques and tools needed to police these crimes are entirely different; they fall under the purview of various agencies and require specialized skills. The only common element across these and most other types of crime is the motivation—the criminals are in it to make money.

All too often, the payoff is the easy part. According to the UN, we catch less than 1 percent of money laundering today. The act of committing the crime itself poses the most significant risk for criminals. Once they have the money, the odds are good that they will be able to clean it and use it. They consider occasional asset seizures as a mere cost of doing business.

There is a systemic disconnect between the law enforcement experts who understand how the criminals commit the predicate crime and the financial industry experts who understand how the money moves. In organizational terms, it’s a classic silo problem.

This anecdote is especially relevant: A law enforcement agent training district attorneys in using SARs in support of investigations noted that a surprising number of them were unaware of FinCEN’s capabilities or the wealth of information available from financial institutions that could help them with prosecution. Al Capone was indicted for tax evasion, not for his myriad other crimes. How many similar arrests could happen if these information silos didn’t exist?

Law enforcement agencies understand the nuances of catching criminals based on the unique characteristics of each crime, but are much less familiar with techniques to follow money flows to put a larger picture together. The financial services industry faces the opposite challenge—it can see all of the money flows, but it rarely has the context needed to help differentiate between innocent activity and international organized crime.

FinCEN is aware of this gap and is taking steps to address it. In October, FinCEN’s Acting Director Himamauli Das spoke to the need to enhance public-private partnerships, noting that combatting ransomware is a “shared effort.”

As I wrote here in January, the AMLA gave FinCEN a mandate to modernize. Eleven months later, FinCEN is still buried in tasks related to that mandate. With only 300 employees, FinCEN may have the most challenging ratio of work to be done to resources available to do the work of any regulatory agency.

Elevating new thinking

Over the past two years, the explosive growth in ransomware has helped shine a spotlight on the money motive in crime. The banking industry should do its utmost to elevate this conversation and support FinCEN in its efforts to adopt new thinking. Other than asking Congress to give them more money, what can we do? Here are three suggestions:

Reach out to support the creation of information feedback loops. A much more significant portion of the law enforcement community needs to understand what the financial industry can do to help. Likewise, the financial sector needs more context from law enforcement to understand the complete picture of what they are seeing. In a D.C. region fusion center meeting that I attended recently, a federal prosecutor spoke about creating a tip line that banks can use to help call attention to SARs warranting immediate attention. Consider reaching out to your local federal district attorney’s office and asking if they have something similar.

Leverage privacy-enhancing technologies to enable privacy-safe information sharing. Encryption techniques can facilitate AML collaboration in a way that complies with data security laws. There are many startups developing this technology out there, and the UK Financial Conduct Authority has hosted multiple “tech sprints” exploring how this technology can work and invited US agencies to attend. Keep your eyes open for regulators here in the US to make similar moves as the AMLA roll-out continues.

Develop approaches in accordance with the anti-money laundering act of 2020. This legislation specified many elements intended to promote collaboration between the financial industry and law enforcement. These include both traditional write-ups of evolving patterns and machine-interpretable information that can feed directly into monitoring systems.

Modern criminals are tech-savvy, agile, and motivated by money. They often work in syndicates and share information through their networks. There is no better way to fight them than by joining forces to choke off their profits.

Of course, it is also important to continually enhance your cyber security defenses. Thankfully, the ransomware surge triggered the creation of many new tools to combat the scourge. ABA’s ransomware toolkit and the Cybersecurity and Infrastructure Agency Stop Ransomware site are great places to start.