Treasury Reports $590M in Suspected Ransomware Payments


A new report from the Treasury Department shows that American banks and financial institutions (FIs) recorded close to $600 million in suspected ransomware payments during the first half of 2021, more than the total for all of 2020.

As The Wall Street Journal reported on Friday (Oct. 15), treasury officials say that the data, pulled from reports on suspicious activities that FIs are required to submit, highlights the growing threat from this type of cyberattack. The Treasury report was issued in tandem with guidance on the steps it expects organizations to take against ransomware attacks.

Issued by the Treasury’s sanctions-regulatory division, the Office for Foreign Assets Control, these measures require businesses to take more responsibility in fending off attacks and to avoid paying ransom. Failure to follow this guidance can result in penalties and other punitive action from the executive branch.

“Ransomware actors are criminals who are enabled by gaps in compliance regimes across the global virtual currency ecosystem,” said Wally Adeyemo, deputy secretary of the Treasury. “Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity.”

Read more: Warren Calls for Stronger Ransomware Law

Ransomware attacks in North America rose by 158% between 2019 and 2020, compared to a global increase of 62%.

The FBI received almost 2,500 complaints about ransomware in 2020, a 20% increase from the previous year.

This year has seen some high-profile attacks on pieces of major infrastructure, such as the ones on the Colonial Pipeline, a critical East Coast fuel source, and JBS, one of the country’s biggest meat suppliers.

Last week, U.S. Sen. Elizabeth Warren and Rep. Deborah Ross introduced legislation that would give the Department of Homeland Security more data on ransomware payments. The Ransomware Disclosure Act is designed to offer a stronger understanding of how cybercriminals conduct business as well as the overall ransomware threat.