The State of Financial Crime in 2023
The convergence of ransomware and cryptocurrencies is accelerating. Uncover how firms can protect themselves from mounting cyber threats and other key financial crime trends.
Download nowOn February 9, the UK Office of Financial Sanctions Implementation (OFSI) issued new public guidance on ransomware and financial sanctions. The report reminds firms that making ransomware payments to designated entities is prohibited and that breaching financial sanctions is “a serious criminal offense”.
Our 2023 global compliance report explored how ransomware increased in scale and variety through 2022, with the UK having the highest number of cybercrime victims per million internet users – up 40 percent from 2020 figures. As a result, the National Crime Agency (NCA) is now calling ransomware a “tier one national security threat”.
OFSI’s guidance speaks to this rising threat, highlighting the impact of ransomware payments, sectoral sanctions risks, and the UK’s cyber sanctions legislations following the country’s exit from the European Union.
Additionally, the report highlights guidance from the National Cyber Security Centre (NCSC) on cyber resilience measures that significantly reduce the risk and impact of a successful ransomware attack. These measures include:
Commenting, NCSC CEO Lindy Cameron said, “It is vital organizations take immediate steps to limit their risk by following the NCSC’s advice on how to put robust defenses in place to protect their networks.”
On the same day that OFSI’s guidance was published, the NCA announced the designation of seven Russian cybercriminals with links to the ransomware group behind some of the most damaging attacks on the UK in recent years. According to the NCA, the group is responsible for extorting at least £27 million from over 100 UK victims, including schools, hospitals, and local authorities.
The sanctions are the result of a collaboration between OFSI and the US Treasury Department’s Office of Foreign Assets Control (OFAC) to tackle international cybercrime. Described as an “enhanced partnership”, OFSI and OFAC released a joint statement in October 2022 announcing their coordinated efforts to mitigate cyber threats and the misuse of virtual assets. Specifically, the partnership will see the agencies:
Managing the risk of ransomware is becoming increasingly complex. Compliance teams must boost their cyber defenses and practice good cyber hygiene. Digital-native firms not operating Bug Bounty programs – incentive-based programs designed to stress test platforms for potential flaws – should also consider implementing them, alongside frequently-scheduled pen testing exercises.
Compliance staff wanting to increase their understanding of ransomware tactics used by threat actors should review the LockBit and Royal Mail negotiation, which was leaked following the postal company refusing to pay £66 million after its January cyberattack.
For further advice on minimizing potential harm from ransomware attacks, smaller organizations should refer to the NCSC’s Small Business Guide.
The convergence of ransomware and cryptocurrencies is accelerating. Uncover how firms can protect themselves from mounting cyber threats and other key financial crime trends.
Download nowOriginally published 16 February 2023, updated 17 February 2023
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2023 IVXS UK Limited (trading as ComplyAdvantage).