Reported Ransomware Incidents, Costs Soared in 2021, Treasury Says

- Advertisement -


“I think we’re just looking at the tip of the iceberg in what these real payments are,” said Paul Benda, senior vice president of operational risk and cybersecurity at the American Bankers Association, a trade group for banks.

- Advertisement -

For example, when FinCEN looked at cryptocurrencies passing through virtual wallets, believed to have been used by hackers to handle ransom payments during the first six months of 2021, analysts found nearly half of all bitcoin transactions in bitcoin transactions alone. Found $5.2 billion, flowing out of 177 wallets.

- Advertisement -

Under a 2020 law designed to combat money laundering, banks must file a Suspicious Activity Report, or SAR, with FinCEN when they believe the transactions are related to a crime. The process of detecting suspicious transactions varies from bank to bank, and flagged transactions involve not only payoffs, but suspected ransom proceeds filtering through the financial system. it happens. FinCEN is a branch of the Treasury that analyzes financial data to identify money laundering, terrorist financing and other crimes.

FinCEN said the reports for the first six months of 2021 exceeded the total for all of 2020 alone, noting that about 75% of incidents in 2021 stemmed from Russia-based cyber actors. The report did not directly blame the Russian government and Moscow has denied involvement in the cyber attack.

- Advertisement -

The increase in SAR volume and the value associated with those reports does not necessarily mean that the number of attacks is increasing. Teresa Walsh, head of global intelligence at the Financial Services Information Sharing and Analysis Center, a cybersecurity intelligence-sharing network for the financial sector, said banks may be over-reporting cautiously.

High-profile incidents have sparked reporting, Ms Walsh said, citing the SolarWinds Corp software breach, which was disclosed in December 2020 and hit nearly a dozen federal agencies and 100 companies and Colonial Pipeline Co in May 2021. affected by the cyber attack. The Colonial Pipeline episode caused panic and fuel shortages in the southeastern states for days, driving the price of gasoline up. The pipeline operator paid about $4.4 million in ransom, of which the Federal Bureau of Investigation was able to obtain about half.

Despite the huge increase in numbers year-on-year, banking experts say the true cost of ransomware and other cybercrimes is less than what is reported in the report.

The US government has stepped up efforts to combat ransomware, most recently by hosting an international summit on the subject at the White House earlier this week, which was attended by the European Union and more than 30 countries. The participants agreed to create an international task force on ransomware, following similar domestic efforts within the Justice Department to help fight cross-border cybercrime.

Following the passage of the Cyber ​​Incident Reporting for Critical Infrastructure Act in March, US agencies, including the Cyber ​​Security and Infrastructure Security Agency, have been working to mandate when and in how much detail companies should disclose cyberattacks .

While reports like FinCEN’s latest analysis provide just one snapshot of the ransomware ecosystem, Mr. Benda said, they allow banks to see how their SARs are being used.

“We really think it is important for the financial industry to share this type of information,” he said.

Write to James Rundle at [email protected]

Credit: www.wsj.com /

- Advertisement -

Recent Articles

Related Stories