A new report from the Financial Crimes Enforcement Network (FINCEN), a bureau of the U.S. Department of the Treasury that analyzes information about suspicious financial transactions, finds that reported ransomware-related incidents have substantially increased from 2020, with related transactions hitting $1.2 billion in 2021.
The report also laid the majority of the blame on Russia, with about 75% of the ransomware-related incidents reported to the bureau during the second half of 2021 being associated with Russia-related ransomware variants.
According to the report, ransomware incidents and their dollar values rose rapidly between 2020 and 2021, with FinCEN receiving 1,489 ransomware-related filings worth nearly $1.2 billion in 2021, a 188% increase compared to the $416 million reported in 2020. This could reflect an increase of ransomware incidents, improved reporting and detection, or both.
FinCEN also reported a slight increase in median ransomware payments over the last year, with the first half of the year seeing a median sum of $102,273 and the second half rising to $135,000. According to the bureau’s analysis, that increase could be attributed to Russia.
In fact, FinCEN says four of the top five ransomware variants reported during the second half of 2021 are connected to Russia. Of 793 ransomware related incidents reported to FinCEN during the second half of 2021, about 75% pertained to Russia-related variants. These variants also make up 69% of the total ransomware related incident value during the review period, according to the report.
In addition to implementing best practices to protect against ransomware attacks, FinCEN says organizations should contact law enforcing immediately, including the Treasury’s Office of Foreign Assets Control if there is a reason to suspect the attacker may be from a sanctioned country such as Russia.
Banks should also report suspected ransomware payments or “cyber event indicators” to FinCEN that includes information regarding variants, requested method of payment and other information.
“Today’s report reminds us that ransomware—including attacks perpetrated by Russian-linked actors— remain a serious threat to our national and economic security,” says FinCEN Acting Director Himamauli Das. “It also underscores the importance of [Bank Secrecy Act] filings, which allow us to uncover trends and patterns in support of whole-of-government efforts to prevent and combat ransomware attacks. Financial institutions play a critical role in helping to protect the United States from ransomware-related threats simply by fulfilling their BSA compliance obligations.”
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply