Looking for opinions regarding the following situation:
Commercial customer receives a ransom virus, which freezes all computers & accounts held by the customer until a ransom is paid. Customer ends up paying the ransom, without allowing the bank to provide technical assistance if possible (such as obtaining IP addresses, providing some level of expertise, etc.). Ransom does NOT appear to have been paid from an account held with the bank. Amount of payment, method of payment, etc. are not known at this point due to the lack of communication between the customer and the bank (despite our continued efforts).
Even if the amount is above the $25,000 threshold (as I would assume that the ransom was paid utilizing as little information as possible, and we would not have full subject information), would this be something that the bank should file a SAR on, as it has knowledge of the situation, even though the funds did not pass through the bank? My initial thought is no, because the bank could not provide much information and therefore the SAR would essentially be useless to LE. Further, because the funds didn't pass through the bank, it would be considered voluntary at that point.
Life is like a bicycle. To keep your balance, you must keep moving.