U.S. financial institutions reported nearly $1.2 billion in likely ransomware-related payments last year, most commonly in response to breaches originating with Russian criminal groups, according to the Treasury Department.
The payments more than doubled from 2020, underscoring the pernicious damage that ransomware continues to wreak on the private sector. The Financial Crimes Enforcement Network, or FinCEN, said its analysis “indicates that ransomware continues to pose a significant threat to U.S. critical infrastructure sectors, businesses and the public.”
Financial institutions filed 1,489 incidents related to ransomware in 2021, up from 487 the year before, according to data collected under the Bank Secrecy Act. FinCEN’s analysis included extortion amounts, attempted transactions and payments that weren’t made.
In the U.S., banks are required to file suspicious activity reports to help the government detect money laundering or other criminal activity.
FinCEN said the top five highest-grossing ransomware variants from the second half of 2021 are connected to Russian cybercriminals. The damage from Russian-related ransomware during that period totaled more than $219 million, according to the data.
Treasury’s report comes as a U.S.-hosted ransomware summit in Washington brings together nearly three dozen countries to tackle a scourge that’s hobbled businesses, non-profits and government agencies globally. The pace and sophistication of those intrusions are increasing faster than the U.S.’s ability to disrupt them, a senior Biden administration official said Sunday.
FinCEN said its analysis was in response to the increase in both number and severity of recent ransomware hacks against U.S. critical infrastructure. The jump, officials said, could also be reflective of institutions getting better at identifying and reporting incidents.
The findings were previously reported Tuesday by CNN.
In March, President Joe Biden signed sweeping legislation that mandates certain sectors report breaches to the U.S. Department of Homeland Security within 72 hours of discovery of the incident, and 24 hours if they make a ransomware payment.
Ransomware actors continue to release private troves of data if their demands aren’t met. Their targets include the Los Angeles Unified School District, where a breach this fall led to confidential information about students being leaked when the ransom wasn’t paid.