US financial institutions processed roughly $1.2 billion in ransomware-related payments last year, a nearly 200 percent increase compared to 2020, according to the Treasury Department.
The sharp increase in cost underscores the damage of ransomware on the private sector. The Financial Crimes Enforcement Network (FinCEN) noted that its analysis indicates that “ransomware continues to pose a significant threat to US critical infrastructure sectors, businesses, and the public.”
Such incidents skyrocketed in the second half of 2021, with 75% of activities related to Russian cybercriminals, according to the report. FinCEN said four out of five top ransomware variants during the period are connected to Russia, though they cannot attribute it directly to Moscow.
“While attribution of malware is difficult, these variants were identified in open source information as using Russian-language code, being coded specifically not to targets in Russia or post-Soviet states, or as advertising primarily on Russian-language sites,” the report read.
The report comes as the White House wrapped up the International Counter Ransomware Initiative (CRI) summit in Washington earlier this week, which brought together 36 countries and the European Union as well as private sector members to tackle the ever-changing ransomware landscape. The summit has outlined the efforts to address ransomware attacks in the upcoming year, including the establishment of an International Counter Ransomware Task Force led by Australia to share information and disrupt attacks collaboratively. In another effort announced at the conference, Lithuania will build a fusion cell at the Regional Cyber Defense Centre to analyze the technical trends of ransomware.
Despite the financial sector being heavily regulated to protect customers’ data, ransomware groups are constantly targeting banks and financial services as they are more likely to pay.
“Whether it’s an organization wanting to avoid public scrutiny for the breach occurring or concerns with government penalties, many do not report the attacks and give in to the ransom demands,” Michael Bruemmer, global vice president of Experian Data Breach Resolution, explained to SC Media.
According to a recent study by Sophos, 52% of financial institutions that experienced ransomware attacks ended up paying the ransom, which is higher than the global average of 46%.
“Additionally, unlike hospitals and schools, [financial institutions] are unlikely to garner any sympathy from the general public, which puts greater pressure on them to pay,” Vincent D’Agostino, former senior special agent for the FBI New York cyber division and head of digital forensics and incident response at BlueVoyant, added.
While the public and private sectors have made concrete efforts to address elevating threats, ransomware tactics have evolved accordingly.
More ransomware groups are shifting to double extortion attacks, stealing data and exfiltrating them before the encryption, according to Drew Schmitt, ransomware negotiator and principal threat intelligence analyst at GuidePoint Security.
“In some cases, to put more pressure on victims to pay the ransom, threat actors even threaten organizations that they will send leaked data to organizations’ competitors,” Schmitt told SC Media in an interview.
The prevalence of cryptocurrency also contributes to the increase in ransomware attacks, as money could, according to Bruemmer, “move more fluidly across borders.”
Washington noted the efforts to address risks associated with cryptocurrency during the CRI summit. The White House said members would share information about crypto wallets used for laundering ransoms and hold a workshop on counter illicit financing of ransomware. Participants will also develop and build international standards around anti-money laundering and financing of terrorism for the crypto industry.