Russian hackers account for most 2021 ransomware schemes, U.S. says

Payment-seeking software made by Russian hackers was used in three quarters of all the ransomware schemes reported to a U.S. financial crime agency in the second half of 2021, a Treasury Department analysis released on Tuesday showed.

In analysis issued in response to the increase in number and severity of ransomware attacks against critical infrastructure in the United States since late 2020, the U.S. Financial Crimes Enforcement Network (FinCEN) said it had received 1,489 ransomware-related filings worth nearly $1.2 billion in 2021, a 188% jump from the year before.

Out of 793 ransomware incidents reported to FinCEN in the second half of 2021, 75% “had a nexus to Russia, its proxies, or persons acting on its behalf,” the report said.

Washington is this week hosting a meeting with officials from 36 countries and the European Union, as well as 13 global companies to address the growing threat of ransomware and other cybercrime, including the illicit use of cryptocurrencies.

“We may approach the challenge of ransomware with a different lens – and in some cases, an entirely different set of tools – but we are all here because we know that ransomware remains a critical threat to victims across the globe and continues to be profitable for bad actors,” Deputy Treasury Secretary Wally Adeyemo told the officials.

Ransom software works by encrypting victims’ data, with hackers offering the victim a key in return for cryptocurrency payments that can run as high as millions of dollars.

A U.S. Treasury official on Tuesday said the department last month repelled cyberattacks by a pro-Russian hacker group, preventing disruption, an example he said of the department’s stronger approach to financial system cybersecurity.