US financial institutions reported more than $1 billion in potential ransomware-related payments in 2021 — more than double the amount from the previous year and the most ever reported, according to Treasury Department data shared exclusively with CNN.
The five hacking tools that accounted for the most payments during the last half of 2021 are all connected to Russian hackers, according to the report from Treasury’s Financial Crimes Enforcement Network (FinCEN).
The report illuminates a pressing national security challenge that the Biden administration has tried to bring to heel ever since a May 2021 ransomware attack forced a major US pipeline operator to shut down for days.
It comes as the Biden administration convenes three dozen allied governments in Washington this week to discuss ways to combat illicit flows of ransom payments and make organizations more resilient to hacks. Russia is notably absent from this week’s talks.
The sharp increase in reported ransomware payments could be due to banks getting better at tracking and reporting the payments, according to Treasury, but also to a broader trend of a high rate of ransomware attacks across industries. The Treasury Department’s analysis draws on reports that US banks are required to file with regulators to prevent money laundering. It includes data from US banks and international banks with US customers. It covers things like extortion amounts and attempted ransom payments made by banks or their customers.
The data show that “ransomware — including attacks perpetrated by Russian-linked actors — remain a serious threat to our national and economic security,” FinCEN Acting Director Himamauli Das said in a statement.
US officials have long complained that a lack of requirements for companies to report ransomware attacks to the government has left officials in the dark about the scope and cost of the problem. That is starting to change through a March law that requires certain companies to report ransomware attacks and payments to the Department of Homeland Security.
The FBI discourages businesses from paying a ransom as it can encourage further hacks and enrich cybercriminals. But some companies opt to pay off their attackers to stay in business.
Colonial Pipeline, the fuel pipeline operator that was hacked in May 2021, chose to pay a $4.4 million ransom out of desperation to get fuel shipments moving to the East Coast. The Justice Department later recovered roughly half that money from the hackers.