FinCEN updates Advisory on Ransomware

FinCEN has announced its release of an updated advisory, FIN-2021-A004, "Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments." The release was made in connection with a set of actions announced Monday by the Treasury Department and focused on disrupting criminal ransomware actors. Yesterday's Advisory replaces advisory FIN-2020-A006, issued October 1, 2020.

The updated advisory is in response to the increase of ransomware attacks in recent months against critical U.S. infrastructure, such as the May 2021 ransomware attack that disrupted the operations of Colonial Pipeline, the largest pipeline system for refined oil products in the United States. This attack led to widespread gasoline shortages that affected tens of millions of Americans. Other recent targets include entities in the manufacturing, legal services, insurance, financial services, health care, energy, and food production sectors.

This amended advisory reflects information released by FinCEN in its Financial Trend Analysis Report issued on October 15, 2021, and is part of the Department of the Treasury’s broader efforts to combat ransomware. In particular, this updated advisory identifies new trends and typologies of ransomware and associated payments, including the growing proliferation of anonymity-enhanced cryptocurrencies (AECs) and decentralized mixers.

The updated advisory comes with FinCEN's request that financial institutions reference "CYBER FIN-2021-A004" in SAR field 2 and the narrative, and select SAR field 42 when filing suspicious activity reports on suspicious activity that may be related to ransomware attacks.