Attention FAE Customers:
Please be aware that NASBA credits are awarded based on whether the events are webcast or in-person, as well as on the number of CPE credits.
Please check the event registration page to see if NASBA credits are being awarded for the programs you select.

Treasury Report: Russia-Related Ransomware Primarily Responsible for Increase in Attacks

S.J. Steinhardt
Published Date:
Nov 4, 2022


The number of ransomware attacks doubled between 2020 and 2021, with Russia being the main culprit, according to a report from the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN).

The report, an analysis of Bank Secrecy Act data trends between July and December 2021, stated in its main headline that “Russia-Related Malware Dominates Ransomware Landscape,” going on to detail the “extent to which a substantial number of ransomware attacks likely emanate from, or at a minimum are connected to, actors in Russia.”

The report defines ransomware as “malicious software that encrypts a victim’s files and holds the data hostage until a ransom is paid, most often in Bitcoin.”

The analysis showed that reported ransomware attacks more than doubled between 2020 and 2021, from 602 to at least 1,251. The total value of these incidents was roughly $527 million in 2020 and roughly $886 million in 2021.

Looking at the second half of 2021, FinCEN found that three quarters of reported ransomware-related incidents—594 of 793—were connected to Russia, either directly, through proxies, or “persons acting on its behalf.”

Even if the attacks were not directly connected to Russia, Russia-related ransomware variants accounted for 69 percent of ransomware incident value, 75 percent of ransomware-related incidents, and 58 percent of unique ransomware variants.

“All of the top five highest grossing ransomware variants in this period are connected to Russian cyber actors,” the report stated.

The cost of all of this nefarious activity in this period is staggering; The mean average total monthly amount was $81.4 million, and the median was $80 million.

Also staggering is the number and total U.S. dollar value for these incidents for all of 2021, which “far exceeds data for any year.” FinCEN received 1,489 ransomware-related filings worth nearly $1.2 billion, a 188 percent increase compared to the total of $416 million for 2020. “This potentially reflects an increase of ransomware-related incidents or improved reporting and detection,” the report noted.

There seems to be no letup in sight. The report pointed out that “since at least late 2019, ransomware groups have adopted new extortion tactics to maximize revenue and create an additional incentive for victims to pay.” One such tactic is known as double extortion, in which “ransomware operators exfiltrate massive amounts of a victim’s data encrypting it and then threaten to publish the stolen data if ransom demands are not met.”

Click here to see more of the latest news from the NYSSCPA.