$590m in ransomware payments reported to US as attacks surge
New data out last week showed $590 million in ransomware-related payments were reported to US authorities in the first half of 2021 alone, setting a pace to beat totals for the whole previous decade as cyber-extortion booms.
The figure is also 42 per cent higher than the amount divulged by financial institutions for all of 2020, the US Treasury report said, and there are strong indicators the true cost could be in the billions.
“If current trends continue, (reports) filed in 2021 are projected to have a higher ransomwarerelated transaction value than... filed in the previous 10 years combined,” said Treasury’s Financial Crimes Enforcement Network.
The heists involve breaking into a company or institution’s network to encrypt its data, then demanding a ransom, typically paid via cryptocurrency in exchange for the digital key to unlock it.
Washington has sought to crack down on a sharp rise in attacks, including issuing its first sanctions against an online exchange where illicit operators have allegedly swapped cryptocurrency for cash.
Recent assaults on a major US oil pipeline, a meatpacking company and the Microsoft Exchange e-mail system drew attention to the vulnerability of US infrastructure to digital pirates who are extorting staggering sums.
Treasury said investigators found over 150 online wallets for cyptocurrency and by analysing them uncovered roughly $5.2 billion in transactions potentially tied to ransomware payments.
Companies and institutions face intense pressure to pay up in order to get their data unlocked, but also to keep the attack from potentially angry clients and authorities who issue stern warnings not to give cash to criminals.
The report, based on the suspicious activity alerts that financial firms have to file, noted it was unclear if the jump represented increased awareness of the cybercrime. “This trend potentially reflects the increasing overall prevalence of ransomwarerelated incidents as well as improved detection and reporting,” Treasury said.
The victims of the attacks were not identified in the report, which noted some of the apparent ransoms were paid before January 2021.
The new data on the scale of payments related to hacks came after more than two dozen nations resolved to collectively fight ransomware during a Washington-led summit.
The United States gathered the countries — with the notable exception of Russia — to unify and boost efforts to fight a cybercrime that is transnational, on the rise and potentially devastating.
Stronger digital security and offline backups as well as collectively targeting the laundering of the attacks’ proceeds were identified as crucial steps in the fight.
The trend potentially reflects the increasing overall prevalence of ransomwarerelated incidents as well as improved detection and reporting
US TREASURY REPORT