Banks reported paying a record $1.2 billion to ransomware criminals in 2021, the Financial Crimes Enforcement Network (FinCEN) announced Tuesday.
Ransomware attacks occur when criminals gain access to a computer network and electronically lock it until a “ransom” is paid. The software they use is often sold among criminals via the dark web. They usually demand payment in cryptocurrency.
Many institutions are being attacked, but banks are required under the Bank Secrecy Act to log suspicious activity reports (SARs) and ransomware attacks, including amounts, to FinCEN.
FinCEN in turn analyzes the SARs data it receives and makes it public, as it is required to do under the Anti-Money Laundering Act of 2020.
In 2021, banks reported being hit with at least 1,251 attacks and paying out $1.19 billion as a result of ransomware attacks. This compares with 602 reported incidents and $416 million paid out in 2020, according to the FinCEN report. Just 243 total attacks were reported in 2019, worth $281 million.
FinCEN said it doesn’t know yet if the increase in 2021 is a real trend or improved reporting by banks. FinCEN, together with the U.S. Treasury’s Office of Foreign Assets Control, issued ransomware advisories in fall 2021 and urged banks to report attacks. The advisories may have contributed to the overall increase in reported attacks, FinCEN said.
On average in 2021, 132 ransomware attacks were reported each month.
From July 2021 through December, 793 ransomware attacks were reported, at a total hit of $488 million.
The average amount paid by banks to ransomware criminals during the second half of 2021 was $135,000, an increase from $102,273 for the first half of 2021.
About 594, or 75 percent of the attacks in the second half of 2021, originated from Russia or proxies or persons working on its behalf, according to FinCEN. The amount of these Russian-related attacks was nearly $338 million.
Ransomware criminals often create their own ransomware, and officials call the different types “variants.” FinCEN identified 84 different ransomware variants involved in the attacks occurring in the second half of 2021. At least 49 of the variants were tied to Russian cyber criminals, FinCEN said. The top five variants by amounts they got from banks were all Russian related, FinCEN found.
“Ransomware—including attacks perpetrated by Russian-linked actors—remain a serious threat to our national and economic security,” said FinCEN Acting Director Himamauli Das in a statement included in the announcement.
The report “underscores the importance of BSA filings, which allow us to uncover trends and patterns in support of whole-of-government efforts to prevent and combat ransomware attacks,” Das said.