Banks Informed U.S. Treasury of $590 Million in Ransomware Payments

The United States Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has identified a total of 177 cryptocurrency wallets associated with the top 10 most commonly reported ransomware variants during the first half of the year.

In a report detailing ransomware-related financial transactions, FinCEN reveals that these 177 unique wallet addresses were used to make $5.2 billion in outgoing Bitcoin transactions, most of which could potentially be related to ransomware.

Between January 1 and June 30, 2021, there were 635 ransomware-related suspicious activity reports (SARs) filed by financial institutions, including 458 transactions that occurred in this timeframe.

The total value of the suspicious activity was $590 million, significantly higher than the $416 million registered for all of 2020. The registered transactions for the first half of the year amounted to $398 million; the difference represents transactions registered before January 1, 2021.

FinCEN estimates that, by the end of the year, the ransomware-related transaction value of filed reports will be higher than that of the reports filed over the past 10 years combined.

“The transition to remote and online work in response to COVID-19 has also exacerbated risks and vulnerabilities of businesses to cyberattacks such as ransomware. Attacks on small municipalities and healthcare organizations have also increased, typically due to perceived weaker security controls and higher propensity of these victims to pay the ransom because of the criticality of their services, particularly during a global health pandemic,” FinCEN notes.

Most of the ransomware-related payments during the first half of the year were under $250,000, with a median payment of $102,273, slightly higher than the $100,000 registered during the first six months of last year.

In terms of cumulative payments, the top 10 ransomware variants identified during the review period (out of a total of 68 variants named in the filed reports) were responsible for $217.56 million in suspicious activity, with monthly payment amounts ranging from $3,095 to $43.06 million.

A total of 242 reports were filed for the top 10 most frequently reported ransomware variants, with a total value of incidents of roughly $152.5 million.

For these ransomware variants, FinCEN identified 177 crypto wallets used for payments, and also observed a total of $5.2 billion being sent from these wallets to known entities, including 51% to exchanges and 43% to other convertible virtual currency (CVC) services. Only 1% of payments were sent to mixing services.

“Not all of the funds sent from these wallet addresses are definitely related to ransomware payments; however, all of the exchanges and services identified below were at a minimum a direct counterparty to wallet addresses that received ransomware-related payments,” FinCEN says.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
