FinCEN in Response to Severity of Ransomware Attacks Against U.S. Critical Infrastructure

During the first half of the year, the Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury discovered a total of 177 Bitcoin wallets linked to the top 10 most commonly reported ransomware variants.

In a report documenting ransomware-related financial transactions, FinCEN claims that these 177 distinct wallet addresses were used to make $5.2 billion in outgoing Bitcoin transactions, the majority of which could be tied to ransomware.

Financial institutions filed 635 ransomware-related suspicious activity reports (SARs) between January 1 and June 30, 2021, with 458 transactions occurring over that time period.

The total value of the suspicious activity reported was $590 million, far more than the $416 million recorded for the full year of 2020. The total amount of registered transactions for the first half of the year was $398 million; the difference represents transactions that occurred prior to January 1, 2021.

FinCEN believes that, by the end of the year, the ransomware-related transaction value of filed reports will be higher than the aggregate value of reports filed over the previous ten years.

“As a result of the change to remote and online work in response to COVID-19, organisations’ risks and vulnerabilities to cyberattacks such as ransomware have increased.” Small municipalities and healthcare organisations have also been targeted more frequently, owing to “perceived weaker security controls and a higher proclivity of these victims to pay the ransom due to the criticality of their services, particularly during a global health pandemic,” according to FinCEN.

The majority of ransomware-related payments in the first half of the year were under $250,000, with a median payment of $102,273, slightly higher than the $100,000 paid in the same period last year.

The top ten ransomware variants discovered during the study period (out of a total of 68 variants specified in filed reports) were responsible for $217.56 million in suspicious activity, with monthly payments ranging from $3,095 to $43.06 million.

For the top ten most often reported ransomware variants, a total of 242 reports were made, with a total value of occurrences of nearly $152.5 million.

FinCEN discovered 177 crypto wallets used for payments associated with these ransomware variants, as well as $5.2 billion transmitted from these wallets to recognised businesses, including 51% to exchanges and 43% to other convertible virtual currency (CVC) services. Payments to mixing services accounted for about 1% of total payments.

“Not all of the cash sent from these wallet addresses is undoubtedly tied to ransomware payments,” FinCEN writes, “but all of the exchanges and services mentioned below were at the very least a direct counterparty to wallet addresses that received ransomware-related payments.”

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, she was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.