Banks Informed U.S. Treasury of $590 Million in Ransomware Payments

0

The Partnership States Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has identified a total of 177 cryptocurrency wallets associated with the top 10 most commonly appeared ransomware variants during the first half of the year.

In a report detailing ransomware-related financial transactions, FinCEN reveals that these 177 sui generis wallet addresses were used to make $5.2 billion in outgoing Bitcoin transactions, most of which could be potentially related to ransomware.

Between January 1 and June 30, 2021, there were 635 ransomware-related uneasy activity reports (SARs) filed by financial institutions, including 458 transactions that occurred in this timeframe.

The total value of the fishy activity was $590 million, significantly higher than the $416 million registered for the entire 2020. The registered transactions for the first half of the year amounted to $398 million — the modification represents transactions registered before January 1, 2021.

FinCEN estimates that, by the end of the year, the ransomware-related transaction value of filed reports will be higher than that of the reports filed on top of the past 10 years combined.

“The transition to remote and online work in response to COVID-19 has also exacerbated risks and vulnerabilities of businesses to cyberattacks such as ransomware. Sets on small municipalities and healthcare organizations have also increased, typically due to perceived weaker security controls and higher propensity of these victims to pay the liberation because of the criticality of their services, particularly during a global health pandemic,” FinCEN notes.

Most of the ransomware-related payments during the key half of the year were of less than $250,000, with a median average payment of $102,273, slightly higher compared with the $100,000 noted during the first six months of last year.

In terms of cumulative payments, the top 10 ransomware variants identified during the review period (out of a complete of 68 variants named in the filed reports) were responsible for $217.56 million in suspicious activity, with monthly payment amounts index from $3,095 to $43.06 million.

A total of 242 reports were filed for the top 10 most frequently reported ransomware variants, with a aggregate value of incidents of roughly $152.5 million.

For these ransomware variants, FinCEN identified 177 crypto wallets used for payments, and also commemorated a total of $5.2 billion being sent from these wallets to known entities, including 51% to exchanges and 43% to other convertible essential currency (CVC) services. Only 1% of payments were sent to mixing services.

“Not all of the funds sent from these wallet addresses are undoubtedly related to ransomware payments; however, all of the exchanges and services identified below were at a minimum a direct counterparty to wallet addresses that acquired ransomware-related payments,” FinCEN says.

Related: White House Blacklists Russian Ransomware Payment ‘Enabler’

Related: Hit by a Ransomware Attack? Your Payment May be Deductible

Kin: Colonial Pipeline CEO Explains $4.4M Ransomware Payment

[embedded content]

Banks Informed U.S. Treasury of $590 Million in Ransomware Payments

Ionut Arghire is an international correspondent for SecurityWeek.

Previous Columns by Ionut Arghire:
Banks Informed U.S. Treasury of $590 Million in Ransomware PaymentsNames:

Leave a Reply

Your email address will not be published. Required fields are marked *