U.S. Banks Processed Nearly $1.2 Billion in Ransomware Payments in 2021

Published: 03 November 2022

Ransomware ScreenRansomware is a type of malicious software that encrypts a victim’s files and holds it hostage until a ransom is paid. (Photo: Christiaan Colen, Flickr, License)

By Inci Sayki

U.S. financial institutions reported over $1 billion in ransomware-related payments last year, majority of which were accounted for by Russian hackers, found a new analysis by the U.S. Treasury Department.

The Treasury’s financial crime watchdog, Financial Crimes Enforcement Network (FinCEN), said in its Tuesday report there were 1,489 ransomware incidents costing nearly $1.2 billion in 2021, almost tripling the previous year’s $416 million in damages recorded.

These incidents were filed under the Bank Secrecy Act (BSA), which requires U.S. banks to report suspicious activity to federal authorities.

FinCEN said its analysis of “ransomware-related BSA filings for 2021 indicates that ransomware continues to pose a significant threat to U.S. critical infrastructure sectors, businesses, and the public.”

Especially in the second half of 2021, three quarters of all reported ransomware schemes were related to Russia, its proxies, or agents acting on behalf of it, the agency said.

Although ransomware is difficult to attribute, “these variants were identified in open source information as using Russian-language code, being coded specifically not to attack targets in Russia or post-Soviet states, or as advertising primarily on Russian-language sites,” said the report.

FinCEN concluded that during this period, four of the overall top five ransomware attacks reported were tied to Russia.

Additionally, the report found that in the past two years, hackers have been more selectively targeting larger enterprises and demanding bigger payouts.

One of the go-to tactics of ransomware groups since 2019 has been the “double extortion” tactic, the analysis said, in which the hackers steal their victim’s data, encrypt it, and threaten to publish it if their demands are not met.

The report’s publication coincides with a global summit hosted at the White House this week with representatives from 36 countries to address the growing threat of ransomware worldwide as well as other cybercrimes, such as laundering illicit ransomware proceeds.