U.S. Treasury and FinCEN investigates the $5.2 bln ransom payments

With ransomware steadily climbing the charts of criminal reports, the Biden administration is developing plans to combat it. Due to this the current president’s administration held a meeting with the representatives of 30 countries. The plans were to discuss the current state of the situation and the possible solutions. One of such proactive steps is the decision to impose new sanctions on cryptocurrency entities. Under the sanctions will be those who help ransomware gangs in laundering and cashing out ransomware money. Russian cryptocurrency exchange Suex fell under sanctions by the American government.

As part of the policy FinCEN (The financial crimes investigation unit of the US Treasury Department) made a report of its investigation of the top 10 most common ransomware variants. Alone these groups amount to around $5.2 billion while the initial SAR (Suspicious Activity Reports) reports underlined $1.56 billion in suspicious activity. FinCEN officials analyzed 2,184 Suspicious Activity Reports (SARs) recorded by US financial institutions over the last decade, between January 1, 2011, and June 30, 2021.

The US Treasury said today that it tied $5.2 billion in Bitcoin transactions to ransomware payments

That's a lot of Lamborghinis 🐂🚘https://t.co/jUmnAGM78n pic.twitter.com/7AZWUjOIfV

— Catalin Cimpanu (@campuscodi) October 15, 2021

Also according to FinCEN the most commonly reported variants in H1 2021 were REvil/Sodinokibi, DarkSide, Conti, Phobos and Avaddon. The average amount of reported ransomware transactions per month in 2021 constituted $102.3 million. The SARs mentioned 458 suspicious transactions that sum up to $590 million. Financial institutions reported 635 SARs in the first half of 2021 connected to suspected ransomware activity. The overall number of attacks on U.S. companies is the highest in the whole world.

“The Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity,” Deputy Treasury Secretary Wally Adeyemo.¹

The specialists of FinCEN additionally draw a few increasing trends concerning ransomware especially laundering operations. They exploit anonymity-enhanced cryptocurrencies, such as Monero, and convert ransom money at centralized exchanges. General avoidance of wallet addresses re-usage to fend off security firms from easily identifying and tracking transactions. Appliance of the “chain hopping” technique to exchange funds into other cryptocurrency variants.

Nowadays ransomware is a £10 billion-a-year industry and one of the things it targets organizations, essential services and schools. The biggest ransomware payments present themselves with really big money. In June 2020, the UCSF (University of California San Francisco) surrendered after a month-long pause with criminal hackers, paying a reported $1.14 million to free its systems.

Just at the New Year’s Eve 2019 celebration, the IT department of Travelex was battling with a ransomware virus that infected its systems. Two weeks later, the company paid a reported $2.3 million ransom. The US travel services company CWT Global smashed a record for the largest ever ransom payment in July 2020, after it paid over $4.5 million to the Ragnar Locker ransomware gang.

1. U.S. Treasury department warns crypto projects on possible sanctions and regulations.