The US spent $1.2 billion on ransomware payments in 2021

The top five highest-grossing ransomware variants from the second half of 2021 are connected to Russian cybercriminals.
6 November 2022

The US spent US$1.2 billion on ransomware payments in 2021. (source – Kaspersky)

  • The value of ransomware attacks in 2021 tripled, according to a federal financial crimes watchdog.
  • The damage from Russian-related attacks during that period totaled more than $219 million.

In 2021, the frequency of ransomware attacks increased dramatically, rising 92.7% year-on-year, according to global cyber security and risk mitigation expert NCC Group’s Annual Threat Monitor. In a separate report released this week by the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN), US banks and financial institutions alone processed a staggering $1.2 billion in likely ransomware payments in that same year.

The amount, a new record, is almost triple that of the previous year, according to the federal financial crimes watchdog. Specifically, the report shows that there were 1,489 ransomware incidents costing nearly $1.2 billion last year, a substantial rise from US$416 million in damages recorded in 2020. That also means that the mean total monthly cost of incidents in the review period was $81.4 million, and the median was $80 million, FinCEN said.

For context, ransomware is malicious software that encrypts a victim’s files and holds the data hostage until a ransom is paid, most often in Bitcoin. In the last two years, bad actors have shifted from a high-volume opportunistic approach to a more selective methodology in choosing victims, targeting larger enterprises and demanding bigger payouts to maximize their return on investment.

Some actors have diversified their revenue streams using a ransomware-as-a-service (RaaS) business model in which creators sell user-friendly ransomware kits on the dark web or outsource ransomware distribution to affiliates in exchange for a percentage of the ransoms. Additionally, since at least late 2019, threat groups have adopted new extortion tactics to maximize revenue and create an additional incentive for victims to pay. Known as “double extortion,” ransomware operators exfiltrate massive amounts of a victim’s data before encrypting it and then threaten to publish the stolen data if ransom demands are not met.

Russia tops the ransomware charts

More notably, over half the attacks are attributed to suspected Russian hackers. “Russia-related ransomware variants accounted for 69% of incident value, 75% of incidents, and 58% of unique ransomware variants reported for incidents in the review period. All of the top five highest grossing variants in this period are connected to Russian cyber actors,” the report reads.

For FinCEN Acting Director Himamauli Das, the report reminds everyone that ransomware, including attacks perpetrated by Russian-linked actors, remains a serious threat to national and economic security. “It also underscores the importance of BSA filings, which allow us to uncover trends and patterns in support of whole-of-government efforts to prevent and combat attacks. Financial institutions play a critical role in helping to protect the US from ransomware-related threats simply by fulfilling their BSA compliance obligations.”