FinCEN Alert: Malware/Ransomware Updates & New Perimeter Device Vulnerability – Technology


FinCEN Alert: The first week of March involved
a number of developments in cybersecurity due to the Russia/Ukraine
conflict. The Financial Crimes Enforcement Network (FinCEN)
released an alert on March 7 advising all financial institutions to
be vigilant against efforts to evade sanctions imposed in
connection with the Russian invasion of Ukraine. It does not impose
new requirements, but outlines “red flags” to remind
financial institutions of their Bank Secrecy Act (BSA) reporting
obligations, including those pertaining to convertible virtual
currency (CVC). The primary focus of the FinCEN alert appears to be
eliciting cooperation of financial institutions in identifying
hidden Russian and Belarusian assets.

Wiper Malware Explained: Malware with
anti-forensic or wiping capabilities has been used maliciously for
years, including in the infamous 2012 attack on Saudi Aramco. In
that incident, the Shamoon malware was used to overwrite files and
the Master Boot Record (MBR). In recent weeks, new malware families
with similar wiping capabilities have been identified, such as
WhisperGate, HermeticWiper/Trojan.Killdisk, Windshield, and
IsaacWiper.

While the capabilities of individual wiper families vary, the
destructive result is similar: file contents are overwritten with
random or junk data, leaving the files unrecoverable. Overwriting
the MBR destroys the boot code and the partition table, so the
machine can no longer boot and its file systems can no longer be
located; when file-system metadata is overwritten as well, the drive
is effectively wiped. Wipers are often paired with a self-propagating
(worm) component that deploys them across an entire environment.
This creates substantial difficulties with restoration and, because
the evidence is destroyed along with the data, investigators must
rely on logs, backups and disk images preserved elsewhere.
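The two effects described above can be checked directly during triage. The following script is an added example, not code from the original article or from any of the malware families it names: it parses the legacy 512-byte MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), applies a few sanity checks that a randomly overwritten first sector will fail, and uses Shannon entropy to flag file bodies that look like random overwrite. The sample MBR, the "document" and the wipe simulation are constructed here for the demonstration; the entropy threshold of 7.5 bits per byte is an assumed triage value, not a published one.

```python
"""Triage checks for wiper damage: parse a disk's Master Boot Record (MBR)
and flag files whose contents look like random overwrite.

Added illustration, not code from the original article. The MBR layout
used here is the standard legacy BIOS format; the sample MBR and file
bodies below are constructed for the demonstration.
"""
import math
import os
import struct
from collections import Counter

MBR_SIZE = 512
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR: signature check plus the in-use partition
    entries (those with a non-zero type byte)."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    sig_ok = sector[510:512] == BOOT_SIGNATURE
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        entry = sector[off:off + PART_ENTRY_SIZE]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
                # on a sane disk the status byte is only ever 0x00 or 0x80
                "status_valid": status in (0x00, 0x80),
            })
    return {"signature_ok": sig_ok, "partitions": partitions}


def mbr_looks_intact(sector: bytes) -> bool:
    """Heuristic: a healthy MBR carries the 0x55AA signature, at least one
    partition, valid status bytes and no overlapping partitions. A sector
    overwritten with random bytes fails the signature test alone with
    probability 65535/65536, and the remaining checks almost always too."""
    info = parse_mbr(sector)
    if not info["signature_ok"] or not info["partitions"]:
        return False
    if not all(p["status_valid"] for p in info["partitions"]):
        return False
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"])
                   for p in info["partitions"])
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            return False
    return True


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for a perfectly
    uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_overwritten(data: bytes, threshold: float = 7.5) -> bool:
    """Flag a file body whose bytes are close to uniformly random (assumed
    threshold). Compressed and encrypted files score high as well, so
    confirm against the expected file type and timestamps before acting."""
    return shannon_entropy(data) >= threshold


def build_sample_mbr() -> bytes:
    """Constructed healthy MBR: one bootable NTFS (type 0x07) partition
    starting at LBA 2048 and spanning 204800 sectors (100 MiB)."""
    boot_code = b"\x33\xc0\x8e\xd0" + b"\x90" * (PART_TABLE_OFFSET - 4)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    empty = b"\x00" * PART_ENTRY_SIZE
    return boot_code + entry + empty * 3 + BOOT_SIGNATURE


def simulate_wipe(sector: bytes) -> bytes:
    """Model of what a wiper does to the first sector: replace it with
    random bytes, destroying boot code, partition table and signature."""
    return os.urandom(len(sector))


if __name__ == "__main__":
    healthy = build_sample_mbr()
    print("healthy MBR intact:", mbr_looks_intact(healthy))
    print("after wipe intact:", mbr_looks_intact(simulate_wipe(healthy)))
    doc = b"Quarterly report: revenue grew 4% in Q3.\n" * 100  # constructed
    print("document flagged:", looks_overwritten(doc))
    print("overwritten file flagged:", looks_overwritten(os.urandom(4096)))
```

Run it against a real image with `parse_mbr(open(path, "rb").read(512))`; on GPT disks the legacy MBR is a protective one with a single type 0xEE entry, which these checks still accept. The entropy test is only a triage signal: apply it to files whose type (a Word document, a log file) should not be high-entropy, and keep the MBR and a few sample files from the image rather than the live disk, since the live disk is itself evidence.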

Conti Ransomware Update: Conti made
international media headlines with its professed alliance with the
Russian government. While this was walked back in a subsequent
posting, it prompted others to target the group's infrastructure and
leak its internal chats on February 27. It appears that Conti
then began…