U.S. Treasury: Ransomware attacks increased in 2021

The number of U.S. financial institutions reporting a ransomware attack increased "significantly" last year.

This is according to a new report from the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN), which found that over the last six months of 2021, filings of Bank Secrecy Act (BSA) suspicious activity reports related to ransomware were up sharply.

The BSA filings are a mandatory requirement for U.S. financial institutions when spotting potential criminal activity, such as money laundering. Since 2020, FinCEN has made the data public pursuant to U.S. law.

FinCEN's Financial Trends Analysis report, published Tuesday, offered sobering statistics for ransomware attacks against U.S. organizations. From the first to second halves of the year, the number of reports climbed from 458 BSA filings to 793. This follows a first-half report from FinCEN that showed a 30% increase over the previous year.

"Today's report reminds us that ransomware -- including attacks perpetrated by Russian-linked actors-- remain a serious threat to our national and economic security," FinCEN Acting Director Himamauli Das said in a statement announcing the report.

"It also underscores the importance of BSA filings, which allow us to uncover trends and patterns in support of whole-of-government efforts to prevent and combat ransomware attacks."

According to the report, 2021 saw a total of 1,251 BSA filings reported and an estimated $886 million lost, with $488 million stemming from incidents that occurred over the latter half of the year.

Per month, it is estimated that the mean average cost of ransomware attacks was $81.4 million and the median was $80 million. FinCEN reported that it identified 84 distinct ransomware variants from the collected filings.

While the agency did not speculate on the exact cause for the increase in ransomware activity, the report did note that Russian threat actors were particularly active during the back half of the year. They accounted for three quarters of the filings either directly or via proxy attackers.

"Russia-related ransomware variants accounted for 69 percent of ransomware incident value, 75 percent of ransomware-related incidents, and 58 percent of unique ransomware variants reported for incidents in the review period," FinCEN reported.

"All of the top five highest grossing ransomware variants in this period are connected to Russian cyber actors."

Russia's dominance in the ranks of ransomware attackers is hardly a surprise given the country's long struggles with cybercrime. While 2021 did see Russian police make a series of high-profile ransomware arrests, hopes of a continued enforcement campaign dwindled with the country's invasion of Ukraine.