U.S. Banks Processed About $1.2B in Ransomware Payments in 2021

Source: CNBC | Published on November 2, 2022

Christie's ransomware

According to a federal financial crimes watchdog, U.S. banks and financial institutions processed roughly $1.2 billion in likely ransomware payments in 2021, a new high and nearly triple the amount in the previous year.

The total represents payments made by bank customers to potential cybercriminals. Under the Bank Secrecy Act, US banks must report suspicious transactions to federal authorities.

According to a new report released Tuesday by the Treasury Department’s Financial Crimes Enforcement Network, or FinCEN, which analyzed the data, suspected Russian cyber hackers are responsible for more than half of the ransomware attacks.

The report reflects a broad government effort to identify and report ransomware attacks in the aftermath of the May 2021 hacking of Colonial Pipeline’s IT network in the United States. CEO Joseph Blount Jr. paid $5 million to Russian-based cybercriminals. The Department of Justice eventually recovered roughly half of the ransom.

Leaders from 36 countries and the European Union met in Washington on Tuesday to discuss effective countermeasures to ransomware threats. Ransomware attacks are a type of cyberattack in which a hacker installs malicious software on a computer or server, threatening to release data or preventing access to it until a ransom is paid.

According to the report, FinCEN reported 1,489 ransomware incidents costing nearly $1.2 billion last year, a significant increase from the $416 million in damages recorded in 2020.

The FinCEN analysis looks ahead to 2021, with a focus on the second half of the year. According to the agency, Russia is responsible for four of the top five ransomware attacks reported during this time period. Approximately 75% of ransomware incidents are also linked to the country.

According to the analysis, the increase in reports could be attributed to increased enforcement following the Colonial Pipeline attack. The attack caused fuel shortages in the Southeast and snarled air traffic across much of the United States, prompting President Joe Biden to declare a state of emergency.

Biden signed legislation in March requiring certain businesses to report cyber incidents and ransomware payments to the Cybersecurity, Infrastructure, and Security Agency. In January 2021, CISA also launched a campaign to reduce the risks of ransomware.