US financial institutions reported more than $1 billion in potential ransomware-related payments in 2021 — more than double the amount from the previous year and the most reported, according to Treasury Department data shared exclusively with CNN.
The five hacking tools that accounted for the most payouts in the last half of 2021 were all connected to Russian hackers, according to a report from the Treasury’s Financial Crimes Enforcement Network (FinCEN).
The report describes the pressing national security challenges the Biden administration has been trying to address since a May 2021 ransomware attack forced a major US pipeline operator to shut down for several days.
It comes as the Biden administration convened three dozen government allies in Washington this week to discuss how to combat the illicit flow of ransom payments and make organizations more resistant to hacking. Russia was notably absent from this week’s talks.
The sharp rise in reported ransomware payments may be due to banks getting better at tracking and reporting payments, according to the Treasury, but also to a broader trend of high rates of ransomware attacks across industries. The Treasury Department’s analysis uses reports that US banks are required to file with regulators to prevent money laundering. It includes data from US banks and international banks with US customers. It covers things like extortion amounts and attempted ransom payments made by banks or their customers.
The data shows that “ransomware — including attacks by Russian-linked actors — remains a serious threat to our national security and economy,” FinCEN Acting Director Himamauli Das said in a statement.
US officials have long complained that the lack of requirements for companies to report ransomware attacks to the government has kept officials in the dark about the scope and cost of the problem. That began to change through a March law requiring certain companies to report ransomware attacks and payments to the Department of Homeland Security.
The FBI discourages businesses from paying ransom because it could further encourage hacking and enrich cybercriminals. But some companies choose to pay their attackers to stay in business.
Colonial Pipeline, the fuel pipeline operator that was hacked in May 2021, chose to pay a $4.4 million ransom in its desperation to secure fuel shipments to the East Coast. The Justice Department later recovered about half of that money from the hackers.