Money laundering methods for ransomware attacks in the Israeli financial system, and red flags for ransomware attacks as a major and lucrative source of income for hackers

by time news


Ransomware is growing as a global phenomenon, with a scope estimated at about $20 billion a year, and it has been growing at an increasing rate in recent years, especially since the outbreak of the COVID-19 pandemic. An analysis of ransomware cases in Israel shows an increasing level of sophistication and a significant increase in the extent of the phenomenon in recent years. In this context:

  • In the past year, the number of cyber attacks has increased significantly (by an estimated factor of up to 7), to millions of cyber attacks each year.
  • Many of the attacks are aimed at significant targets, with 42% of large businesses in Israel experiencing cyber attacks.
  • 91% of victims of online offenses do not report to the law enforcement authorities the cyber attack they have experienced (enforcement in the field is limited in light of the under-reporting phenomenon).
  • About 80% of the organizations that decided to pay the ransom demand experienced a ransomware attack (according to surveys by technology and information security companies).

In light of this, the Ministry of Justice’s Anti-Money Laundering and Terrorist Financing Authority is publishing a review of how the financial system is used to make ransom payments. The guide presents salient typologies and practices identified in Israel and around the world as used by hackers, including payments in virtual assets (with an emphasis on Bitcoin), and the use of “disposable” digital wallets and of virtual asset service providers registered in Israel to make the payments, including for foreign victims.

The document contains a great deal of information regarding the nature of the ransom payments and the mechanisms of the system, examples of reports received by the Authority on the subject, and a case in which an economic investigation carried out by the Authority, following the ransom money paid, led to Iran.

According to the Authority’s estimates, in most ransomware cases the victims try to make transfers ranging from tens of thousands of shekels up to over $1 million for a single payment to the ransom seekers. The average indirect damage from a cyber attack in Israel is about half a million dollars per attack. In addition, it is evident that all ransom payments reported to the Authority in Israel were made through Bitcoin transfers.

The main methods of transferring the ransom money identified by the Authority fall into these main patterns of action (typologies):

  • Use by foreign nationals of financial service providers (money changers) that are not in the victim’s country, including ransom payments made in Israel by foreigners (with no affiliation to Israel).
  • Use of international crypto trading platforms.
  • Use of money mules, often by “rowers” who do not know the source and purpose of the transfers.
  • Payment through crisis management companies, insurance companies or attorneys, with or without a full statement regarding the identity of the customer for whom the ransom is paid.
  • Conversion of fiat currency at an unsupervised exchange.
  • Transfer to “disposable” wallets.
  • Use of decentralized exchanges (DeFi).
  • Use of gift cards and exchange of funds for the purchase of durable goods.

Most of the use is of virtual assets that are easy to convert (such as Bitcoin), along with coins offering higher anonymity, as well as early signs of NFT use.

To blur the path of the funds and “remove” them from the ransom event, hackers use, for example: transfers between multiple wallets in the same currency; transfer of the ransom payment between multiple virtual coins (chain hopping) to the point of departure; and placing the virtual currency in a “mixer”, with the aim of blurring its trajectory and purpose.

Red flags:

The document includes a series of red flags to help the financial sector identify activity in this field, including, for example:

  • Flags indicating a suspicious wallet address.
  • Transfer to a “one-time” wallet.
  • Use of an intermediary (including a crisis management company, cyber company, law firm or insurance company, with or without a statement regarding the nature of the action and/or the person for whom the action is performed).
  • Exceptional information provided by the client.
  • Lack of familiarity of the customer with virtual currencies.
  • Use of technological means to perform an operation anonymously.
  • A sense of pressure or urgency on the customer’s part.
  • Transfers in cryptocurrencies to high-risk countries, including with respect to ransomware.
  • Transfers to countries with which the customer has no financial connection.
  • Use of mixers.
  • Multiple transfers of virtual currencies to a customer’s wallet in a short period of time without an explanation of the source of the funds.
  • Use of, or conversion to, coins with high anonymity.
  • Use of suspicious words in the description of the transfer, and more.
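As an added illustration (not part of the Authority's document or of this article), several of the red flags above can be written as screening rules over a transfer ledger. The field names, watchlists, thresholds, the choice of XMR and ZEC as high-anonymity coins, and the sample transfers are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed watchlists and thresholds (assumptions, not taken from the report).
MIXER_WALLETS = {"wallet-mixer-01"}
HIGH_ANONYMITY_COINS = {"XMR", "ZEC"}
SUSPICIOUS_WORDS = ("ransom", "decrypt", "unlock files")
BURST_COUNT, BURST_WINDOW = 3, timedelta(hours=1)

def red_flags(tx, history):
    """Return the red flags raised by transfer `tx`, given earlier transfers."""
    flags = []
    if tx["dest_prior_txs"] == 0:          # destination never used before
        flags.append("one-time wallet")
    if tx["to"] in MIXER_WALLETS:
        flags.append("mixer")
    if tx["asset"] in HIGH_ANONYMITY_COINS:
        flags.append("high-anonymity coin")
    if any(w in tx["memo"].lower() for w in SUSPICIOUS_WORDS):
        flags.append("suspicious description")
    # Several unexplained inflows to the sender's wallet shortly before this transfer.
    inflows = [h for h in history
               if h["to"] == tx["from"] and not h["source_explained"]
               and timedelta(0) <= tx["time"] - h["time"] <= BURST_WINDOW]
    if len(inflows) >= BURST_COUNT:
        flags.append("rapid unexplained inflows")
    return flags

def screen(transfers):
    """Walk transfers in time order; return {tx id: flags} for flagged ones."""
    report, history = {}, []
    for tx in sorted(transfers, key=lambda t: t["time"]):
        flags = red_flags(tx, history)
        if flags:
            report[tx["id"]] = flags
        history.append(tx)
    return report

def _tx(i, minute, src, dst, asset, memo="", prior=5, explained=True):
    return {"id": i, "time": datetime(2022, 1, 10, 9, 0) + timedelta(minutes=minute),
            "from": src, "to": dst, "asset": asset, "memo": memo,
            "dest_prior_txs": prior, "source_explained": explained}

SAMPLE = [  # constructed ledger, not real transfers
    _tx("t1", 0, "ext-a", "cust-1", "BTC", explained=False),
    _tx("t2", 10, "ext-b", "cust-1", "BTC", explained=False),
    _tx("t3", 20, "ext-c", "cust-1", "BTC", explained=False),
    _tx("t4", 30, "cust-1", "wallet-new-77", "BTC", "payment to unlock files", prior=0),
    _tx("t5", 45, "cust-2", "wallet-mixer-01", "XMR"),
    _tx("t6", 50, "cust-3", "exchange-9", "BTC", "invoice 1182"),
]
```

Calling `screen(SAMPLE)` flags `t4` and `t5` and leaves the ordinary transfers unflagged; in practice a single flag is a prompt for review rather than a conclusion.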

The head of the Anti-Money Laundering and Terrorist Financing Authority, Dr. Shlomit Wegman-Ratner, said: “The extent of ransomware attacks is increasing very rapidly. This is a phenomenon in which the original offense (extortion) and money laundering overlap and almost completely coalesce. The Global Authority conducts economic investigations in the areas of growing and innovative crime, including dealing with online crime phenomena, virtual assets and ransom payments. On virtual assets, it is expanding the circle of financial intelligence available to the Authority, and with the help of the red flags we are publishing today, we expect to receive more accurate and high-quality intelligence, which will help us crack further cases in this area.”
