U.S. banks processed about $1.2 billion in ransomware payments in 2021
U.S. banks and financial institutions processed roughly $1.2 billion in likely ransomware payments in 2021, a new record and almost triple the amount of the previous year, according to a federal financial crimes watchdog.
The total represents payments bank clients have made to possible cybercriminals. U.S. banks report the suspicious transactions to federal authorities under the Bank Secrecy Act.
Over half the ransomware attacks are attributed to suspected Russian cyber hackers, according to a new report released Tuesday from the Treasury Department’s Financial Crimes Enforcement Network, or FinCEN, which analyzed the data.
The report reflects a sweeping government effort to identify and report ransomware attacks following the hacking of U.S.-based Colonial Pipeline’s IT network in May 2021. Company CEO Joseph Blount Jr. paid Russian-based cybercriminals $5 million. The Department of Justice later recovered approximately half of the ransom.
Leaders from 36 countries and the European Union met Tuesday in Washington to discuss effective counteraction against ransomware threats. A ransomware attack is a type of cyberattack in which a hacker installs malicious software on a computer or server that threatens to release data or blocks access to it until a ransom is paid.
FinCEN said there were 1,489 ransomware incidents costing nearly $1.2 billion last year, a substantial rise from $416 million in damages recorded in 2020, according to the report.
FinCEN’s analysis covers 2021, with a focus on the second half of the year. The agency said four of the overall top five ransomware attacks reported during this period are tied to Russia. Around 75% of ransomware-related incidents are also related to the country.
The surge in reports might be due to a step up in enforcement since the Colonial Pipeline attack, according to the analysis. The attack shut down the pipeline for days, causing fuel shortages in the Southeast and snarling air traffic across much of the U.S. President Joe Biden declared a state of emergency as a result.
In March, Biden signed a measure requiring some businesses to report certain cyber incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency. CISA also launched a campaign to reduce the risks of ransomware in January 2021.