US Treasury: Financial institutions reported $1.2 billion in ransomware losses in 2021
James Reddick November 1, 2022

US Treasury: Financial institutions reported $1.2 billion in ransomware losses in 2021

US Treasury: Financial institutions reported $1.2 billion in ransomware losses in 2021

United States financial institutions reported a record year for ransomware attacks and payments in 2021 – driven by malware variants believed to be linked to Russia. In all, the cost of incidents reported last year under the Bank Secrecy Act jumped to $1.2 billion, from $416 million the year before. 

There were 1,489 reported incidents, compared to 487 in 2020, with researchers reporting that “ransomware continues to pose a significant threat to U.S. critical infrastructure sectors, businesses, and the public.” The data was released on Tuesday by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN). 

“In the last two years, ransomware actors have shifted from a high-volume opportunistic approach to a more selective methodology in choosing victims, targeting larger enterprises, and demanding bigger payouts to maximize their return on investment,” the authors wrote. 

The report’s publication coincides with a global summit with representatives from more than 30 countries at the White House this week to address ransomware, which is increasingly a scourge worldwide. Notably absent from the meeting were officials from Russia, which FinCEN found to be the source of the vast majority of ransomware attacks. 

Researchers found that all five of the top variants had ties to Russia, while nearly 70 percent of incidents had “a nexus to Russia, its proxies, or persons acting on its behalf.”

“While attribution of malware is difficult, these variants were identified in open source information as using Russian-language code, being coded specifically not to attack targets in Russia or post-Soviet states, or as advertising primarily on Russian-language sites,” the authors wrote.

The number of incidents spiked dramatically in the second half of the year – to 793 reported attacks after July 1 – with Russian malware variants again accounting for three out of every four incidents. 

Ransomware analysis on Scribd

James Reddick has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.