According to a report released on Tuesday by the U.S. Financial Crimes Enforcement Network (FinCEN), banks reported paying ransomware offenders a record $1.2 billion in 2021.
When hackers infiltrate a computer network, they electronically lock it until a "ransom" is paid. This is known as a ransomware attack. They frequently sell the software they use on the dark web to criminals. They typically want cryptocurrency as payment.
Although several institutions are being attacked, banks are mandated by the Bank Secrecy Act to submit ransomware attacks and suspicious activity reports (SARs) to FinCEN, along with amounts.
The Anti-Money Laundering Act of 2020 requires FinCEN to assess the SAR data it receives and make it available to the public.
Banks claimed that ransomware attacks cost them $1.19 billion in 2021 and that they were the target of at least 1,251 attacks. The FinCEN report states that in 2020, there were 602 recorded incidents and $416 million was paid out. In 2019, 243 attacks totaling $281 million were reported.
FinCEN stated that it is currently unsure if the increase in 2021 represents a true trend or better reporting by banks. In the fall of 2021, FinCEN and the Office of Foreign Assets Control of the U.S. Treasury released ransomware advisories and encouraged banks to report attacks. According to FinCEN, the advisories might have played a role in the overall rise in reported attacks.
In 2021, 132 ransomware attacks on average per month were reported.
793 ransomware attacks totaling $488 million in damages were reported from July 2021 to December.
In contrast to the first half of 2021, when banks paid ransomware perpetrators an average of $102,273, banks paid them an average of $135,000 during the second half.
According to FinCEN, 594 attacks, or 75% of all attacks in the second half of 2021, were carried out by Russia directly or through proxies or other representatives acting on its behalf. These Russian-related attacks cost close to $338 million.
Officials refer to the various ransomware types as "variants" since ransomware perpetrators frequently create their own ransomware. The attacks that took place in the second half of 2021 involved 84 different ransomware variants, according to FinCEN. A t least 49 of the versions were linked to Russian cyberterrorists. According to amounts received from banks, the top five versions were all connected to Russia, said FinCEN.
In a statement that was part of the announcement, FinCEN Acting Director Himamauli Das stated that "Ransomware—including attacks perpetrated by Russian-linked actors—remain a serious threat to our national and economic security."
According to Das, the research "underscores the importance of BSA filings, which allow us to uncover trends and patterns in support of whole-of-government efforts to prevent and combat ransomware attacks."
By fLEXI tEAM