Colonial Pipeline ransomware: what happened?
The use of ransomware has intensified in the past months. The Covid-19 crisis, the generalization of teleworking and weaker security practices encourage criminals to use ransomware. The two latest ransomware attacks hit two US companies: Colonial Pipeline, the operator of the largest fuel pipeline in the US, and JBS, the world's largest meat supplier.
Ransomware is malware that encrypts the data of the targeted person or entity. The person behind the malware demands a ransom to unlock the data. The ransom is generally paid in cryptocurrency because it is perceived as anonymous and supposedly difficult to trace.
On May 8, the Darkside hacking group, which allegedly originates from Eastern Europe, attacked and locked Colonial Pipeline's systems. The ransomware forced the operator of the largest fuel pipeline in the US to shut down. This led to fuel shortages, price increases and panic buying in the southeast of the country. In response, the DOJ decided to give ransomware investigations the same priority as terrorism, as reported by Reuters.
Did Colonial Pipeline pay the ransom?
The company quickly decided to pay the ransom, amounting to $4.4 million, in order to resume its operations quickly. However, authorities discourage paying ransoms, since it could incite malevolent actors to keep using such techniques to defraud people or entities. In October last year, the US Treasury Office of Foreign Assets Control (OFAC) issued an advisory warning. It states that companies facilitating ransomware payments to cyber attackers on behalf of victims may risk violating OFAC regulations.
On June 7, the US Department of Justice (DOJ) announced that it had seized 63.7 bitcoin, amounting to around $2.3 million, from the ransomware paid by Colonial Pipeline to the wallet bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq.
The DOJ did not comment further on how it was able to access Darkside wallets and seize the coins.
How to monitor ransom funds and mitigate risks?
Today, different solutions are available in the market to mitigate risks related to cryptocurrency usage.
The Scorechain Blockchain Analytics suite helps companies satisfy the risk mitigation requirements set by regulators worldwide.
- Scorechain's team flags ransomware activity and assigns it a low score. Compliance officers should treat wallets belonging to this entity with caution, since they represent an increased risk of money laundering.
- This low score also impacts the score of the wallets it has transacted with. The scoring also appears on transaction pages as shown below.
Transaction scoring on Scorechain Bitcoin Analytics Platform
- Risk indicators show whether a wallet has links with ransomware funds. In the example below, we can see that the wallet received funds from the Colonial Pipeline Ransomware. The wallet is thus very risky.
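To make the three points above concrete, here is a small model of how a low score and a ransomware link can propagate through a transaction graph. This is an added illustrative example, not Scorechain's scoring engine or code: the 0-100 scale (100 = clean), the per-hop decay constant, the review threshold, the address strings and the two transactions are all constructed for the example.

```python
"""Illustrative transaction-graph risk propagation (added example, not Scorechain code).

Models the behaviour described above: a flagged entity carries a low score, that
low score propagates to the addresses it transacts with, and a risk indicator
records that an address has received funds traceable to a ransomware entity.
All addresses, entity labels, transactions and constants are constructed for
the example; a production scoring model is far richer than this.
"""
from dataclasses import dataclass, field

CLEAN = 100.0            # assumed scale: 100 = no known risk, 0 = directly flagged
HOP_DECAY = 20.0         # assumed: risk fades by this much per hop away from the entity
REVIEW_THRESHOLD = 50.0  # assumed: scores below this trigger a review indicator


@dataclass
class Tx:
    txid: str
    inputs: list   # [(address, amount)]
    outputs: list  # [(address, amount)]


@dataclass
class AddressRisk:
    score: float = CLEAN
    exposure: dict = field(default_factory=dict)  # entity label -> fewest hops from it


class RiskGraph:
    def __init__(self, flagged: dict):
        # flagged: address -> entity label; directly attributed addresses keep score 0
        self.flagged = dict(flagged)
        self.risk = {addr: AddressRisk(score=0.0, exposure={entity: 0})
                     for addr, entity in flagged.items()}

    def get(self, addr: str) -> AddressRisk:
        return self.risk.setdefault(addr, AddressRisk())

    def ingest(self, tx: Tx) -> None:
        """Process one transaction (transactions are assumed to arrive in chronological order)."""
        total_in = sum(amt for _, amt in tx.inputs)
        if total_in <= 0:
            return
        # Value-weighted score of the inputs: a small tainted input mixed with a
        # large clean one lowers the output score less than a fully tainted spend.
        in_score = sum(self.get(addr).score * amt for addr, amt in tx.inputs) / total_in
        out_score = min(CLEAN, in_score + HOP_DECAY)
        # Every exposure on the inputs is carried to the outputs, one hop further away.
        carried = {}
        for addr, _ in tx.inputs:
            for entity, hops in self.get(addr).exposure.items():
                carried[entity] = min(carried.get(entity, hops + 1), hops + 1)
        for addr, _ in tx.outputs:
            if addr in self.flagged:
                continue  # attributed addresses keep their fixed score
            r = self.get(addr)
            r.score = min(r.score, out_score)  # an address never gets cleaner by receiving funds
            for entity, hops in carried.items():
                r.exposure[entity] = min(r.exposure.get(entity, hops), hops)

    def indicators(self, addr: str) -> list:
        """Human-readable risk indicators a compliance officer would see for an address."""
        r = self.get(addr)
        out = [f"received funds from {entity} ({hops} hop(s) away)"
               for entity, hops in sorted(r.exposure.items())]
        if r.score < REVIEW_THRESHOLD:
            out.append(f"score {r.score:.0f} below review threshold {REVIEW_THRESHOLD:.0f}")
        return out


# Constructed sample data: one attributed ransomware address and two later transactions.
FLAGGED = {"bc1q_ransom_example": "Colonial Pipeline Ransomware"}
SAMPLE_TXS = [
    Tx("tx1", inputs=[("bc1q_ransom_example", 10.0)], outputs=[("bc1q_intermediate_a", 9.99)]),
    Tx("tx2", inputs=[("bc1q_intermediate_a", 1.0), ("bc1q_unrelated_c", 1.0)],
       outputs=[("bc1q_exchange_deposit", 2.0)]),
]


def analyse(txs=SAMPLE_TXS, flagged=FLAGGED) -> RiskGraph:
    g = RiskGraph(flagged)
    for tx in txs:
        g.ingest(tx)
    return g


if __name__ == "__main__":
    g = analyse()
    for addr in ("bc1q_intermediate_a", "bc1q_exchange_deposit", "bc1q_unrelated_c"):
        print(addr, g.get(addr).score, g.indicators(addr))
```

With these constants the intermediate address one hop from the flagged entity scores 20 and is below the review threshold, while the exchange deposit address two hops away, fed half by tainted and half by unrelated funds, scores 80 but still carries the "received funds from Colonial Pipeline Ransomware (2 hop(s) away)" indicator. That separation is the point of pairing a score with explicit indicators: a mixed deposit can look acceptable on score alone yet still warrant enhanced due diligence.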
Scorechain also provides its users with tools to manage cases and investigate crypto wallets from A to Z, such as the Entity Directory and the Case Manager.
Ransomware is only one kind of risk that can stem from cryptocurrency usage; there are other risky patterns that compliance teams should take into consideration to mitigate ML/TF risks and satisfy crypto regulations. The Scorechain Blockchain Analytics Suite provides a wide range of risk-AML scenarios to help companies dealing with cryptocurrencies in their compliance journey. Interested? Don't hesitate to reach out to schedule a demo: email@example.com
Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. A leader in crypto compliance since 2015, the Luxembourgish company serves more than 100 customers in 36 countries worldwide, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branches or digital asset customer onboarding, as well as audit and law firms and some LEAs.
The Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger and Tezos. The software can de-anonymize blockchain data and connect with sanction lists to provide risk scoring on digital asset transactions, addresses and entities. The risk assessment methodology applied by Scorechain has been verified and is fully customizable to fit all jurisdictions. 300+ risk-AML scenarios with a wide range of risk indicators are provided to customers, so that businesses within the scope of crypto regulation can report suspicious activity to authorities with enhanced due diligence.