Four Questions: A Look at the State of Ransomware, Sanctions and Other Global Issues

Sam Cousins

Sam Cousins is a senior associate at ACAMS, where his work includes supporting public-private partnerships and strengthening ACAMS’ thought leadership pillar through the development of content on sanctions and risk, particularly the Sanctions Masterclass program and Global Monthly Update. Cousins’ work also focuses on countering ransomware financing, which includes enhancing industry awareness of the anti-financial crime risks associated with ransomware attacks and supporting the mitigation of those risks through policies, training and public-private dialogue.

Prior to ACAMS, Cousins worked on the sanctions policy team at UK Finance, the trade association for the U.K. banking sector.

ACAMS Today (AT): As a senior associate on ACAMS’ Thought Leadership Team, you specialize in sanctions, ransomware and risk at ACAMS. Could you tell us about what a typical (or atypical) workday entails?

Sam Cousins (SC): I think many sanctions professionals will be able to relate to a somewhat simplistic answer—very few days are typical! Our work varies considerably based on both the current and ongoing sanctions environment (i.e., pivoting in response to the introduction of new restrictions or a new regime) and the priorities of our stakeholders. Generally speaking, the consistent pieces of work for me often entail working on the ACAMS Sanctions Masterclass Program, our Sanctions Monthly Updates, our various conferences and symposia, as well as ad hoc projects including publications, training and working with members and government partners. One of the things I love most about working in sanctions and cyber is that no two days are the same, and there are always new developments to read up on.

AT: Could you provide readers with a state of play for ransomware attacks? What are some of the key things readers should consider?

SC: Ransomware by its very nature is hard to measure in an objective and accurate way—only a fraction of victims will become publicly known, and many go unreported even to government. One of the quantitative metrics we have—outside of official figures by government—is analysis of cryptocurrency transactions by blockchain analytics firms such as Chainalysis, which seemingly indicates that ransomware continues to rise (despite a dip in profits in 2022).

Our work on ransomware at ACAMS is focused on the financing element of ransomware—both how the financial system and compliance frameworks can be utilized to counter ransomware financing, and equipping industry with the tools and knowledge to understand and mitigate the financial crime risks ransomware can present. As the sanctions tool is increasingly used to throttle the ransomware payment ecosystem, the risks for both victims and the financial sector increase as a sanctions nexus becomes more likely in any ransomware payment. Unfortunately, ransomware sanctions risks and ransomware financing are still relatively poorly understood, and there is still a lot of awareness raising to be done.

AT: What steps must be taken in terms of policymaking, awareness building and training, and dialogue between the public and private sectors in order to mitigate serious ransomware risks?

SC: An enormous amount of progress has been made over the past couple of years, but ransomware is a constantly evolving threat. There are multiple avenues for countering ransomware, and a core feature has been focusing on cybersecurity and the concept of good cyber hygiene—that organizations ensure they are protecting themselves from cyber threat actors as much as they can. This is an essential pillar in combating ransomware, but for the foreseeable future it remains an inevitability that successful breaches and attacks can and will happen, and there are a number of avenues for mitigating and constricting actors from attaining their ill-gotten gains (and reinvesting them into further attacks).

Beyond this, the robust targeting of ransomware threat actors and their money launderers through sanctions by the U.S. has made big steps in reducing its profitability, taking down darknet markets (i.e., Hydra), mixing services, rogue exchanges and other actors. While such activities will always be displaced, these actions are made more effective when taken multilaterally, and the U.K.’s first ransomware designations earlier this year appear to be a positive step. Industry can also play its part by ensuring it has an understanding of ransomware sanctions and money laundering risks, internal controls, and policies and procedures for identifying ransomware payments and determining the course of action should a client suffer an attack.

Another avenue that has seen considerable success is international law enforcement cooperation—often led by the FBI—to disrupt ransomware actors, recover ransom payments and even provide victims the ability to recover access to their systems. The most notable example is perhaps the takedown of the Hive ransomware group, preventing the payment of over $100 million to attackers.

AT: What is your outlook for the international sanctions landscape over the next year in regard to the Russian war on Ukraine, tensions involving China and North Korea and developments in the Middle East? What should we expect over the next 12 months?

SC: Sadly, I think a lot of the security threats and geopolitics underpinning sanctions regimes appear set to continue, if not grow. Even looking beyond Russia—which has of course dominated the sanctions space over the past year—North Korea’s weapons of mass destruction program continues to develop, with new missile tests earlier this year, posing significant security challenges for the Asia-Pacific region and beyond.

It appears that it is likely that we may see the full breakdown of the Joint Comprehensive Plan of Action (with a key deadline in October this year), potentially leading to a snapback of United Nations sanctions on Iran and placing the final nail in the rapprochement that had been achieved in 2015. It is likely that such developments will cause Iran to step up its malicious activities in the region, including its development of a nuclear program as well as unmanned aerial vehicle support to Russia.

Turning to China and the U.S., it appears that tensions are set to continue to escalate. There is significant bipartisan support for further export controls on China, following a number of moves already made over recent years to target particular industries including artificial intelligence and supercomputing.

Other areas where governments are focused on sanctions include Captagon smugglers in Syria (a multibillion-dollar industry believed to be facilitated by high-level government officials), increasing focus on metals and minerals in Africa, drug trafficking in Latin America, and global human rights abuses in Haiti, Myanmar and elsewhere.


Interviewed by: ACAMS Today editorial, ACAMS, USA
