According to a report by Financial Crimes Enforcement Network (FinCEN), banks processed over a billion dollars in transactions last year that were assumingly ransomware payments. The report concluded that this amount is more than double the amount of money from 2020. The top five highest-paid ransomware incidents all involved attackers with connections to Russia, FinCEN added.
The report “reminds us that ransomware- including attacks perpetrated by Russia-linked actors – remains a serious threat to our nation and economic security,” says Himamauli Das, FinCEN’s acting director, in a statement given this week.
Ransomware is a kind of malware that allows hackers access to its victims’ digital devices, restricting the owner of their own files and data. Consequently, the hacker threatens victims, demanding a ransom payment from them, in order for them to restore access to the files.
FinCEN, established in the year 1990, is an arm of the U.S. Department of Treasury. It is in charge of tracking international money laundering, terrorist financing, and other financial crimes.
According to a report by FinCEN, hackers initially targeted people with ransomware attacks, but later advanced to targeting company giants and demanding bigger ransom payouts. In the year 2019, hackers created variations of ransomware attackers, namely ‘double extortion’, where they restrict owners to access their files and threaten to leak personal/ humiliating data to the public – if the demands are not met.
The year 2021 witnessed some of the biggest ransomware attacks on record, aimed at large companies and nonprofits. A Russian hacking group, for example, attacked the Colonial Pipelines, one of the largest pipelines in the U.S. in May 2021. The company later paid the ransom amount of $4.3 million in order to retrieve its stolen data. However, the federal authorities eventually recovered at least $2.3 million of the paid ransom. Additionally, hackers also attacked organizations like Planned Parenthood, Sinclair Broadcasting, Shutterfly, and payroll processing company Kronos last year.
According to FinCEN, organizations reported 1,489 ransomware assaults in total in 2021, up 188% from the year 2020.
More recently, a ransomware attack last May marked the last straw for Lincoln College, a historically Black College in rural central Illinois that opened in 1865. The school gave hackers a $100,000 ransom, a payout that compounded financial troubles caused by plummeting enrollment in recent years. The 157-year-old institution shuttered in May.
Ransomware attacks have recently increased in frequency, with the growing remote work and e-learning, and with educational institutions becoming more prone to the attacks.
In regards to the ongoing ransomware attacks, the Biden administration this week conducted a two-day summit, attended by around three dozen nations, the European Union, and a number of private-sector organizations, in order to find the best ways to combat the attacks.
U.S. President Biden as well signed a new law, earlier this year, that requires owners of factories, banks, nuclear reactors, and other critical infrastructure operations to report when (or if) their computer systems or servers are attacked by ransomware. However, reporting is currently optional for the ransom victims, making it difficult to calculate full impact of the crime.