The vast majority of ransomware payments went to Russian-based hackers, the department’s financial crime unit, FinCEN, also noted.
2021 Saw Over $1 Billion in Ransomware Payments
FinCEN released its report on Tuesday, Nov. 1, 2022, saying 1,489 ransomware incidents costing about $1.2 billion in total made 2021 a record-breaking year for ransomware payouts. The report came as Washington D.C. held a second two-day Counter Ransomware Initiative (CRI) summit within one month of the first meeting. The second CRI summit saw the Biden administration, major cybersecurity firms such as Mandiant, and Big Tech organizations like Microsoft and others convene with international allies to discuss ransom payments and ransomware defenses on Nov. 1. Russia was “notably” absent from these talks, according to CNN. “Today’s report reminds us that ransomware – including attacks perpetrated by Russian-linked actors – remains a serious threat to our national and economic security,” FinCEN Acting Director Himamauli Das said. The report also underscores how important BSA (Bank Secrecy Act) filings are and how important it is for banks to fulfill BSA compliance obligations for uncovering ransomware trends and patterns, he added.
75 Percent of Ransomware Incidents Linked to Russia Hackers
The spike in ransomware payouts was particularly notable between July to December, U.S. banks said, with figures attributed in part to the White House‘s increased monitoring of national cybersecurity, while rising international ransomware activity is also a major driver, FinCen said. Furthermore, the U.S. colonial pipeline attack of 2020 is also a major event that is now underpinning the U.S.’s focus on strengthening national cybersecurity, particularly due to the rising danger of critical infrastructure attacks. Approximately 75 percent of ransomware-related incidents reported to FinCEN during the second half of 2021 were linked to Russia-related ransomware malware variants. The five most common ransomware malware tools used in ransomware crimes are all connected to Russian cybercriminal groups, FinCEN said. In February this year, blockchain analysis firm, Chainalysis, released a study that said Russian cybercriminals are a major driving force in global ransomware operations. Data breaches and ransomware also top the list of global security risks, according to global insurance leader Allianz.