Austrac outlines how to spot ransomware and detect abuse of digital currencies

Australia’s financial intelligence and regulatory body Austrac has released two financial crime guides to help businesses detect and prevent criminal abuse of digital currencies and ransomware.

Each guide offers practical advice to help businesses identify if a payment is related to a ransomware attack, or if someone is using digital currencies and blockchain technology to commit crimes such as money laundering, scams, or terrorism financing.

Some of the specific indicators Austrac advises to watch out for when identifying if someone is using digital currencies for terrorism financing, for instance, is when transactions to crowdfunding or online fundraising campaigns are linked to ideologically or religiously motivated violent extremism focused forums, or when a customer account receives multiple small deposits, which are immediately transferred to private wallets.

When it comes to identifying potential scams related to digital currencies, Austrac listed that some of the potential indicators could include a customer not fitting the “usual profile” of a digital currency trader or investor; when a customer shows little knowledge regarding digital currency during on-boarding but purchases digital currency quickly and sends the funds to another digital currency address; and when a customer advises that they are employed to purchase digital currency on-behalf of another individual or company.

Meanwhile, some indicators of detecting when a person is a victim of a ransomware attack, according to Austrac, includes when a customer increases the limit on their account and then quickly sends funds to a third party; following an initial large digital currency transfer, a customer has little or no further digital currency activity; and when a newly on-boarded customer wants to make an immediate and large purchase of digital currency, followed by an immediate withdrawal to an external digital currency address.

“Financial service providers need to be alert to the signs of criminal use of digital currencies, including their use in ransomware attacks,” Austrac CEO Nicole Rose said.

The guides have been released in response to the increase in cyber threats to Australia. According to the Australian Cyber Security Centre, 500 ransomware attacks were reported in the 2020-21 financial year, an increase of nearly 15% from the previous year.

Just last week, IDCare reported that over 5,000 customer details of former cryptocurrency exchange Alpha were exposed online.

According to IDCare, these details included the driver licence, passport, proof of age, and national identity card images of 232 Australians and 24 New Zealanders.

IDCare initially uncovered the breach in late January when it saw a post for sale on a Chinese-speaking forum for $150, before it was eventually posted to be accessed for free on another online forum called Breached.

“This event poses a serious risk to the identities of any involved. Due to the nature of the identity documents discovered, we urge anyone who had any dealings with AlphaEx to contact us,” IDCare said.

IDCare at the time of issuing its statement said its attempts to contact affected individuals directly had not been successful, nor had its attempts to engage with the former operators of AlphaEx “with some speculation detected online about the merits of their operations”.

Related Coverage 

• Extended cyber detection and response facing implementation challenges in APAC
• Trio of Home Affairs Bills covering cyber, ransomware, telco data enter Parliament
• Australia launches federal cybercrime centre as part of national plan
• Australia’s new ransomware plan to create ransomware offences and reporting regime