US banks and financial institutions processed $1.2 billion in ransomware payments in 2021, the Financial Crimes Enforcement Network (FinCEN) revealed earlier this week. According to FinCEN’s Financial Trend Analysis, FinCEN received 1,489 ransomware-related filings worth $1.2 billion in 2021, an astounding 188 percent increase compared to $416 million in 2020. According to FinCEN's analysis of ransomware-related BSA filings for the previous year, ransomware continues to pose a serious threat to critical infrastructure and businesses in the U.S.
Source: FinCEN’s Financial Trend Analysis
According to the FinCEN report, over half the ransomware attacks are connected to actors in Russia. In 2021’s second half of the 793 ransomware-related incidents reported to FinCEN in the Bank Secrecy Act (BSA) data, 594 had a nexus to Russia, persons or proxies acting on its behalf. According to the report, the majority of ransomware activity was caused by variants related to Russia. As per the review period, ransomware variants associated with Russia accounted for 69% of ransomware incident value, 75% of ransomware-related incidents, and 58% of unique ransomware variants. Also, the top five highest-grossing ransomware variants in this period were connected to Russia.
Also, Read: Ransomware Attacks are on The Rise, and their Variants Almost Doubled
Variants
FinCEN identified 84 ransomware variants reported in BSA data responsible for incidents during the review period, of which roughly 58% or 49 variants are suspected Russian cyber actors. The most commonly reported variants were Conti, Phobos, DarkSide, REvil/Sodinokibi, and Avaddon. While attribution of malware is complicated, these variants were identified in open source information such as using Russian-language code, advertising on Russian-language websites, or being coded mainly to not attack targets in Russia.
According to the FinCEN analysis, the surge in the reports may be due to scrutiny and enforcement since the Colonial Pipeline attack. The attack disrupted the pipeline for days, causing fuel shortages in the Southeast and complicating air traffic across the US. As a result, President Joe Biden declared a state of emergency. Similarly, the president signed a measure requiring certain businesses and sectors to report ransomware payments and cyber attack incidents to the Cybersecurity Infrastructure and Security Agency (CISA).
“Today’s report reminds us that ransomware—including attacks perpetrated by Russian-linked actors— remain a serious threat to our national and economic security,” said FinCEN Acting Director Himamauli Das. “It also underscores the importance of BSA filings, which allow us to uncover trends and patterns in support of whole-of-government efforts to prevent and combat ransomware attacks. Financial institutions play a critical role in helping to protect the United States from ransomware-related threats simply by fulfilling their BSA compliance obligations.”
The Financial institutions' compliance with BSA obligations plays a crucial role in protecting U.S. financial institutions from cyberattacks. Financial institutions should decide if a suspicious activity report (SAR) filing is necessary or relevant when dealing with ransomware incidents. Banks should also file with FinCEN a report or any suspicious transaction they believe violates law and regulation.
For more news and updates, Visit https://blog.excellimatrix.com/ or follow us on Facebook & LinkedIn or Contact us at 406-646-2102 and get your questions answered.
