The United States Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has identified a total of 177 cryptocurrency wallets associated with the top 10 most commonly reported ransomware variants during the first half of the year.
In a report detailing ransomware-related financial transactions, FinCEN reveals that these 177 unique wallet addresses were used to make $5.2 billion in outgoing Bitcoin transactions, most of which could be potentially related to ransomware.
Between January 1 and June 30, 2021, there were 635 ransomware-related suspicious activity reports (SARs) filed by financial institutions, including 458 transactions that occurred in this timeframe.
The total value of the suspicious activity was $590 million, significantly higher than the $416 million registered for the entire 2020. The registered transactions for the first half of the year amounted to $398 million — the difference represents transactions registered before January 1, 2021.
FinCEN estimates that, by the end of the year, the ransomware-related transaction value of filed reports will be higher than that of the reports filed over the past 10 years combined.
“The transition to remote and online work in response to COVID-19 has also exacerbated risks and vulnerabilities of businesses to cyberattacks such as ransomware. Attacks on small municipalities and healthcare organizations have also increased, typically due to perceived weaker security controls and higher propensity of these victims to pay the ransom because of the criticality of their services, particularly during a global health pandemic,” FinCEN notes.
Most of the ransomware-related payments during the first half of the year were of less than $250,000, with a median average payment of $102,273, slightly higher compared with the $100,000 registered during the first six months of last year.
In terms of cumulative payments, the top 10 ransomware variants identified during the review period (out of a total of 68 variants named in the filed reports) were responsible for $217.56 million in suspicious activity, with monthly payment amounts ranging from $3,095 to $43.06 million.
A total of 242 reports were filed for the top 10 most frequently reported ransomware variants, with a total value of incidents of roughly $152.5 million.
For these ransomware variants, FinCEN identified 177 crypto wallets used for payments, and also observed a total of $5.2 billion being sent from these wallets to known entities, including 51% to exchanges and 43% to other convertible virtual currency (CVC) services. Only 1% of payments were sent to mixing services.
“Not all of the funds sent from these wallet addresses are definitely related to ransomware payments; however, all of the exchanges and services identified below were at a minimum a direct counterparty to wallet addresses that received ransomware-related payments,” FinCEN says.