Trending: American Banks Processing Record Ransomware Payments

Trending: American Banks Processing Record Ransomware Payments

           With the Covid-19 pandemic all but forcing the masses to integrate web-based activities into their daily lives, the trend of cybercriminals using ransomware attacks to exploit big bucks from various entities has exploded across the United States and abroad. The U.S. Department of the Treasury released a new report last week revealing that domestic banks and other financial institutions processed over $1 billion in potential ransomware-related payments in 2021 alone. What is even more alarming than this record figure however is the rate at which ransomware payments are increasing – more than three times the amount compared to payments processed in 2020.

           Ransomware is defined as a form of malicious software (i.e. malware) designed to block access to a computer system or data, generally by encrypting data or programs on IT systems to extort ransom payments from victims in exchange for decrypting the information and restoring victims’ access to their systems or data. The 2020’s have developed into an unprecedented period in history with respect to fraud and ransomware crime. In 2020 when $416 million was paid out by American financial firms in ransom to malicious cyber-criminals, analysts speculated that these figures could just be scratching the surface of the gross amount of money being extorted on the national scale. This given that these figures are based off of Bank Secrecy Act (BSA) filings from financial firms themselves, with many financial institutions likely failing to perform appropriate filing practices that year in wake of the happenings of the pandemic. Clearly the aforementioned analysis was spot on, as the $416 million total was dwarfed just the following year with an increase to approximately $1.2 billion spread over nearly 1,500 recorded attacks. What these findings reveal is that attacks of this nature present arguably the greatest cybersecurity threat to the United States moving forward – further adding to the importance of these BSA filings to identify the origins of the attacks and assist government agencies in their crusade against this nefarious activity.

           “Today’s report reminds us that ransomware remains a serious threat to our national and economic security,” the Financial Crimes Enforcement Network’s (FinCEN) Acting Director Himamauli Das said in a statement following the release of their Financial Trend Analysis. “Financial institutions play a critical role in helping to protect the United States from ransomware-related threats simply by fulfilling their [Bank Secrecy Act] compliance obligations.”3

           2021 stands as a moment in history with respect to cybersecurity due in large part to the now-notorious Colonial Pipeline attack. Sensing weakness following the recent presidential transition, hackers went after the largest American fuel pipeline’s digital infrastructure and ultimately shut it down for several days, leading to shortages across the East Coast of the United States and severely affecting multiple industry markets including the airline industry that remains so dependent on oil. Left without any solutions or aid from the government, Colonial Pipeline had to pay off the hackers (to the tune of 75 bitcoin – worth $4.4 million at the time) to get the decryption key to regain access to their systems. Although the Department of Justice was only able to recover roughly half of the stolen funds, many believe that an increase in due diligence and overall enforcement following the attack has helped to hinder similar efforts targeting major U.S. businesses in the time since.

           FinCEN believes the majority of the recent high-profile attacks that were seen in 2021 and early in 2022 are from Russian-affiliated hackers. They claim that four of the top five attacks in 2021 were perpetrated by bad actors either working out of Russia or on behalf of the Kremlin. They also estimate that around 75% of ransomware-related incidents overall are related to Russia in some form.2 To tackle what has remained a pervasive problem on the global scale, government leaders from 36 countries met in Washington last Tuesday as part of the Second International Counter Ransomware Initiative (CRI) Summit with the goal was of improving cooperation in strategizing and coordinating joint efforts to defend against these attacks and deter them when feasible. A senior White House official added that the government’s hope is that “CRI partners take advantage of this opportunity to come together and stretch our work to counter ransomware beyond just the participating countries, integrating the insights from the summit into our diplomatic approach so that together we can institute a set of cyber norms and rules of the road that are recognized across the globe to counter criminal ransomware threats and hold malicious actors accountable.”1

           Time will tell if these effort are meaningful however, as these figures only appear to be trending higher as we approach 2023. In the meantime, financial institutions would be wise to continue to be vigilant and report any suspicious activity and known cyber incidents/ransomware exploits via BSA filings and/or reporting to the Cybersecurity, Infrastructure and Security Agency (CISA).

 Citations

1.      “Background Press Call by a Senior Administration Official Previewing the Second International Counter Ransomware Initiative Summit.” The White House, The United States Government, 31 Oct. 2022. 

2.      Cox, Chelsey. “U.S. Banks Processed Roughly $1.2 Billion in Ransomware Payments in 2021, According to Federal Report.” CNBC, 1 Nov. 2022. 

3.      “Financial Trend Analysis - Financial Crimes Enforcement Network.” U.S. Department of the Treasury, Oct. 2022. 

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics