2021 ransomware transactions already exceed 2020 numbers, Treasury Department says

DarkSide and REvil were two of the most popular ransomware strains reported.
(Photo by NHAC NGUYEN/AFP via Getty Images)

As of June, financial institutions have already reported 635 suspicious ransomware-related activities to the Financial Crimes Enforcement Network, according to a report out Friday from the Treasury Department — a 30% increase from all reported activity in 2020.

The report also found that the cost of ransomware payments is climbing. The total value of the 2021 reports was $590 million — or a $66.4 million monthly average — compared to $416 million for all of 2020.

The analysis, which is the first issued under the updated FinCEN threat trend reporting requirements enacted into law earlier this year, underscores both concerns with the growing cost of ransomware as well as the role of virtual currencies in how criminals extort and launder funds. The Treasury Department last month announced its first sanctions against a cryptocurrency exchange for facilitating transactions involving money gained from ransomware.

The report, as well as guidance issued Friday for virtual currency compliance with sanctions requirements, is another step by the agency to put the industry on notice.


“Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity,” Wally Adeyemo, deputy secretary of the Treasury, said in a statement.

DarkSide and REvil proved two of the most popular ransomware strains of the 68 mentioned in the reports. Both groups have been under significant scrutiny from U.S. law enforcement. In May, REvil netted a reported $11 million payment for an attack against global meat supplied JBS. The group followed up with a July hack on the software company Kaseya that immobilized hundreds of clients, some for months. DarkSide hackers extorted millions from U.s. fuel provider Colonial Pipeline, leading to a panic over possible gas shortages.

Lawmakers have been pushing to make reporting ransomware payments mandatory.

Bitcoin was the most popular form of virtual currency for transactions.  Based on the virtual currency wallet addresses related to reported ransomware payments, FinCEN identified a total $5.2 billion in outgoing BTC transactions that could be tied to ransomware payments.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts