Ransomware cost US banks $1.2 billion last year

Banks in the US paid out nearly $1.2 billion in 2021 as a result of ransomware attacks, a marked rise over the year before though it may simply be due to more financial institutions being asked to report incidents.

The figures come from the most recent Financial Trend Analysis report [PDF] on ransomware from the US Treasury's Financial Crimes Enforcement Network (FinCEN) covering Bank Secrecy Act (BSA) filings for 2021.

Its findings indicate that ransomware continued to pose a significant threat to US critical infrastructure, businesses, and the public, and that a substantial number of ransomware attacks appear to be connected to sources in Russia.

In fact, the total of ransomware-related incidents and their monetary value reported in BSA filings during 2021 far exceeds that of other years, according to the report. FinCEN said it received 1,489 ransomware-related filings worth nearly $1.2 billion, a 188 percent increase over the $416 million filed in 2020.

However, the report also notes that the Treasury's Office of Foreign Assets Control (OFAC) released ransomware-related advisories and encouraged the reporting of ransomware incidents in the second half of 2021, which may have contributed to an overall rise in the figures.

Meanwhile, of the 84 individual ransomware variants reported to FinCEN in connection with incidents during this period, the agency reports that 49 of these, roughly 58 percent, may be connected with suspected Russian threat actors.

• Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup
• Dropbox admits 130 of its private GitHub repos were copied after phishing attack
• Unofficial fix emerges for Windows bug abused to infect home PCs with ransomware
• The White House's global ransomware summit couldn't come at a better time

FinCEN claims that it was able to make this identification because these variants were found to be using Russian language code, were coded specifically not to attack targets in Russia or ex-Soviet states, or were advertized mainly on Russian-language websites. Four of the top five ransomware variants reported during the period could be connected with Russia via at least one of these attributes.

"Today's report reminds us that ransomware – including attacks perpetrated by Russian-linked actors – remains a serious threat to our national and economic security," FinCEN Acting Director Himamauli Das said in a statement.

The report was released to coincide with the second International Counter Ransomware Initiative Summit in Washington, where participants from 36 countries were hosted by the US Deputy Secretary of the Treasury, Wally Adeyemo, to discuss a unified approach to the ransomware threat.

"It is a clear testament to both the grave threat that ransomware poses and the critical importance of international cooperation that we have such strong participation from countries across the globe during this Summit," Adeyemo said in a statement.

"In the midst of this landscape, it is more important than ever that we come together to share what we are seeing through our unique lenses and learn from each other's best practices." ®