Ransomware Payments in 2021 Already Dwarf Last Year’s Total, FinCEN Reports

Payments tied to ransomware attacks in 2021 are already exceeding 2020’s total, the U.S. government’s financial crimes watchdog announced Friday.

Exchanges and other financial institutions reported more than $590 million in payments tied to ransomware attacks, including cryptocurrency payments, to the Financial Crimes Enforcement Network (FinCEN) in the first half of 2021, outstripping a 2020 total of just $416 million. It was not immediately clear how much of this total consisted specifically of cryptocurrency transactions, as opposed to more traditional payment methods.

A Treasury Department press release said attackers are “increasingly requesting payments in Anonymity-Enhanced Cryptocurrencies such as Monero.”

Attackers are also making greater use of mixers, decentralized exchanges, fresh wallet addresses and hopping between chains in an effort to evade law enforcement officials, the release said.

Crypto SARs

FinCEN tied the reported amounts, which came through Suspicious Activity Reports (SARs), to a total of $5.2 billion in transactions that may be “potentially tied” to ransomware payments, according to Treasury Department official Todd Conklin.

Last year, former FinCEN Director Kenneth Blanco told CoinDesk that less than 1% of SARs filed to the agency mentioned crypto, though he did not share any monetary figures tied to these reports.

Conklin, counselor to Deputy Treasury Secretary Adewale Adeyemo, told TRM Labs’ Ari Redbord that the announcement is part of the Treasury Department’s broader push against ransomware. Ransomware, where an attacker encrypts a victim’s computer or network until the victim pays a ransom for a decryption key, has been employed in several high-profile attacks in 2021, disrupting critical supply-chain vendors like a gas transport firm and a meat processing plant.

Last month, the Treasury Department added an over-the-counter crypto trading platform to a global blacklist for the first time in its ongoing fight to tamp down on ransomware attacks and payments.

“We have seen an aggressive sustained effort on ransomware the last few weeks from the administration that started even before the Suex designation,” Redbord, a former Treasury official, told CoinDesk in a statement. “We are rightfully seeing the most focus on hardening cyber defenses, and when it comes to crypto, we are seeing Treasury, DOJ, and others target the illicit parts of the crypto ecosystem rather than the overwhelmingly compliant industry itself.”

Remaining compliant

In addition to the FinCEN findings, the Treasury Department’s Office of Foreign Assets Control (OFAC) published a “sanctions compliance guidance” brochure for crypto businesses, detailing the requirements for U.S. persons and entities that come into contact with “blocked” cryptocurrencies.

“Once a U.S. person determines that they hold virtual currency that is required to be blocked pursuant to OFAC’s regulations, the U.S. person must deny all parties access to that virtual currency, ensure that they comply with OFAC regulations related to the holding and reporting of blocked assets, and implement controls that align with a risk-based approach,” the brochure said.

The document includes recommended best practices and controls that crypto industry businesses can implement to remain in compliance with federal law.

“We are going to continue to target the illicit parts of the crypto ecosystem while also ensuring we are helping to bolster compliance regimes across the entire ecosystem,” Conklin said. “Fundamentally though, we see ransomware as a cyber security issue. It gets framed in many areas as a crypto currency issue, but just attacking the crypto ecosystem is not going to fix the core problem, which is cyber vulnerabilities across multiple sectors.”

Heightened focus

OFAC said in a press release that cryptocurrencies are being increasingly used for ransomware payments, though it also did not specify a breakdown between fiat transactions and cryptocurrency transactions.

The Treasury Department is recommending that “industry participants … consider incorporating the elements and controls” detailed in the brochure.

“Ransomware actors are criminals who are enabled by gaps in compliance regimes across the global virtual currency ecosystem,” Deputy Secretary of the Treasury Wally Adeyemo said in a statement. “Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity.”