Some $ 590 million in ransoms related to so-called ransomware attacks were reported in the first half of the year by financial institutions operating in the United States, according to a report released Friday by the US Treasury Department.
According to the US government, this figure is 42% higher than the amount reported for the whole of 2020, which illustrates the acceleration of this type of attack in recent months. This alone represents nearly 60% of the total reported over the previous ten years, between 2011 and 2020.
And there is strong reason to believe that the true cost could run into the billions of dollars.
These data, which relate to 635 separate reports, were compiled by the Financial Crime Network (FinCEN), which reports to the Department of the Treasury. He specifies that they do not necessarily relate to ransoms paid during the first six months of 2021, some of which may be older.
The total amounts actually paid as ransom during the first half of the year amounted to $ 398 million, divided into 458 different operations, according to FinCEN.
A ransomware attack involves hackers breaking into an entity’s computer network and then locking down the data. The authors then ask those in charge of that company, organization or administration to pay a ransom, most often in the form of cryptocurrencies, in exchange for the unlocking.
According to the Treasury Department, investigators discovered more than 150 online cryptocurrency wallets, and upon analysis uncovered more than $ 5.2 billion in transactions potentially linked to ransomware payments.
Businesses and institutions face significant pressure to pay not only to have their data unlocked, but also to ensure that the attack does not reach the ears of customers or authorities, with the latter regularly issuing strict warnings against giving. money to criminals.
– The United States goes on the offensive –
Several ransomware attacks have made headlines in recent months, including the one that targeted US computer company Kaseya in July. By attacking this company, hackers gained access to more than a thousand companies it provides services around the world.
In early May, an attack targeted the American company Colonial Pipeline, disrupting the distribution of fuel in the United States. It had provoked a strong reaction from the authorities and part of the ransom paid, $ 4.4 million, had been recovered.
The attacks hit businesses of all industries and sizes, from a hospital in Mobile, Alabama, to an agricultural cooperative in Mankato, Minnesota in September.
Among the countries most affected by this type of cyberattack, the United States has decided to go on the offensive.
At the end of September, the U.S. Treasury for the first time blocked the assets of a cryptocurrency platform (SUEX) suspected of having been used by hackers in ransomware attacks.
This platform is linked to Russian nationals and operates, according to several analysts, in Russia, considered, along with China, as one of the countries with the largest community of hackers using ransomware.
On Friday, the Treasury Department published a practical guide for cryptocurrency players reminding them of their obligations in the fight against financial crime, under penalty of penalties.
“The Treasury is helping stop ransomware attacks by making it harder for criminals to seek to profit from these acts, but we need partners in the private sector to help us prevent these illegal activities,” said the deputy secretary of the government. Trésor, Wally Ademeyo, quoted in a statement released Friday.
Washington this week, Wednesday and Thursday, invited representatives of 31 countries to a meeting dedicated to the subject. At the end of this gathering, the delegations “recognized” the importance of international cooperation in this area, in particular through the sharing of information relating to suspicious activities or questionable financial transactions.
The Biden administration is seeking to better coordinate the response to ransomware attacks, which have multiplied in recent months.
In addition, a bill currently under discussion in Congress aims to force entities targeted by ransomware attacks to report, within 48 hours, the possible payment of a ransom. The principle of the text is supported by the American government.