US banks have reported they have collectively made more than $1 billion in ransomware-related payments in 2021 — more than double the amount from the previous year and the most ever reported, according to Treasury Department data.
The five hacking tools that accounted for the most payments during H2 2021 are all connected to Russian hackers, according to the report from Treasury’s Financial Crimes Enforcement Network (FinCEN).
The report illuminates a pressing national security challenge that the Biden administration has tried to bring to heel ever since a May 2021 ransomware attack forced a major US pipeline operator to shut down for days.
It comes as the Biden administration convenes three dozen allied governments in Washington this week to discuss ways to combat illicit flows of ransom payments and make organizations more resilient to hacks. Russia is notably absent from this week’s talks.
The sharp increase in reported ransomware payments could be due to banks getting better at tracking and reporting the payments, according to Treasury, but it could also reflect a broader trend of a high rate of ransomware attacks across industries.
The Treasury Department’s analysis draws on reports that US banks are required to file with regulators to prevent money laundering.
It includes data from US banks and international banks with US customers. It covers things like extortion amounts and attempted ransom payments made by banks or their customers.
“Today’s report reminds us that ransomware—including attacks perpetrated by Russian-linked actors—remain a serious threat to our national and economic security,” said FinCEN Acting Director Himamauli Das.
“It also underscores the importance of BSA filings, which allow us to uncover trends and patterns in support of whole-of-government efforts to prevent and combat ransomware attacks.
Financial institutions play a critical role in helping to protect the United States from ransomware-related threats simply by fulfilling their BSA compliance obligations.”
US officials have long complained that a lack of requirements for companies to report ransomware attacks to the government has left officials in the dark about the scope and cost of the problem.
That is starting to change through a March law that requires certain companies to report ransomware attacks and payments to the Department of Homeland Security.
The FBI discourages businesses from paying a ransom as it can encourage further hacks and enrich cybercriminals. But some companies opt to pay off their attackers to stay in business.
Colonial Pipeline, the fuel pipeline operator that was hacked in May 2021, chose to pay a $4.4 million ransom out of desperation to get fuel shipments moving to the East Coast. The Justice Department later recovered roughly half that money from the hackers.