The data “indicates that ransomware is a growing threat to the US financial industry, businesses and the public,” according to the Treasury’s Financial Crimes Enforcement Network report..
The report comes as the Biden administration has looked for several ways to cut the revenue streams of Russian-speaking ransomware groups that have extorted millions of dollars from major U.S. corporations. President Joe Biden called on Russian President Vladimir Putin in June to crack down on cybercriminals operating from Russian soil; US officials are waiting to see if Moscow will take substantive action.
Treasury data includes so-called suspicious activity reports that financial institutions are required to file within 30 days of detecting suspected money laundering or fraud cases. They cover suspected ransomware-related payments that banks and other businesses are aware of implicating themselves or their customers.
“If current trends continue, SARs filed in 2021 are expected to have a higher ransomware transaction value than SARs filed in the previous 10 years combined,” the report says.
The total value of ransomware-related suspicious activity reports filed in the first six months of 2021 was $ 590 million (some of those transactions took place in 2020), up from $ 416 million reported in 2020. The increase in reported payments may be due to both the increase in ransomware attacks and the increased awareness of threats and detection tools available to organizations, according to the report.
The Treasury report “highlights the pervasiveness of ransomware and how it affects many facets of the US economy,” Amy Chang, chief risk and response officer at cyber insurance firm Resilience, told CNN.
The report, she added, “provides valuable insights for cybersecurity practitioners, from threat hunting and data modeling to ransom payment considerations.”
After a series of ransomware attacks in recent months on critical U.S. infrastructure, the problem has become an economic and national security priority for the Biden administration.
The White House convened a virtual summit of 30 countries this week to try to find more effective ways to track and prosecute ransomware gangs. Russia was notably absent. The United States has tried to pressure Moscow to quell ransomware attacks in bilateral talks.
In the meantime, US agencies have been looking for other ways to slow down the ransomware groups. The Treasury last month imposed sanctions on a cryptocurrency exchange that U.S. officials accused of doing business with hackers behind eight types of ransomware.
US authorities are discouraging companies from paying ransoms as it risks fueling even more hacks. But some companies say they have no choice but to pay the crooks who hold their systems hostage.
Treasury officials have also issued updated guidance to U.S. companies on how they can avoid violating U.S. sanctions when paying ransoms.