The Business Times

US banks spent US$1b on ransomware payments in 2021, Treasury says

Published Wed, Nov 2, 2022 · 10:41 PM

US financial institutions reported nearly US$1.2 billion on likely ransomware-related payments last year, most commonly in response to breaches originating with Russian criminal groups, according to the Treasury Department.

The payments more than doubled from 2020, underscoring the pernicious damage that ransomware continues to wreak on the private sector. The Financial Crimes Enforcement Network, or FinCEN, said its analysis “indicates that ransomware continues to pose a significant threat to US critical infrastructure sectors, businesses and the public.”

Financial institutions filed 1,489 incidents related to ransomware in 2021, up from 487 the year before, according to data collected under the Bank Secrecy Act. FinCEN’s analysis included extortion amounts, attempted transactions and payments that were unpaid.

In the US, banks are required to file suspicious activity reports to help the government detect money laundering or other criminal activity.

FinCEN said the top five highest-grossing ransomware variants from the second half of 2021 are connected to Russian cybercriminals. The damage from Russian-related ransomware during that period totalled more than US$219 million, according to the data.

Treasury’s report comes as a US-hosted ransomware summit in Washington brings together nearly three dozen countries to tackle a scourge that’s hobbled businesses, non-profits and government agencies globally. The pace and sophistication of those intrusions is increasing faster than the US’ ability to disrupt them, a senior Biden administration official said on Sunday.


Start and end each day with the latest news stories and analyses delivered straight to your inbox.


FinCEN said its analysis was in response to the increase in both number and severity of recent ransomware hacks against US critical infrastructure. The jump, officials said, could also be reflective of institutions getting better at identifying and reporting incidents.

In March, President Joe Biden signed sweeping cybersecurity legislation that mandates certain sectors report breaches to the US Department of Homeland Security within 72 hours of discovery of the incident, and 24 hours if they make a ransomware payment.

Ransomware actors continue to release private troves of data if their demands aren’t met. Their targets include a breach this fall on the Los Angeles Unified School District, in which confidential information about students was leaked when the ransom wasn’t paid. BLOOMBERG



BT is now on Telegram!

For daily updates on weekdays and specially selected content for the weekend. Subscribe to

Banking & Finance


Get the latest coverage and full access to all BT premium content.


Browse corporate subscription here