“This Financial Trend Analysis is in response to the increase in number and severity of ransomware attacks against U.S. critical infrastructure since late 2020. For example, in May 2021, hackers used a ransomware attack to extort a multi-million dollar ransom, which also disrupted the Colonial Pipeline and caused gasoline shortages. Other recent attacks have targeted various sectors, including manufacturing, legal, insurance, health care, energy, education, and the food supply chain in the United States and across the globe. As Treasury Secretary Janet L. Yellen recently noted, “Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy.” FinCEN analysis of ransomware-related Suspicious Activity Reports (SARs) filed during the first half of 2021 indicates that ransomware is an increasing threat to the U.S. financial sector, businesses, and the public. The number of ransomware-related SARs filed monthly has grown rapidly, with 635 SARs filed and 458 transactions reported between 1 January 2021 and 30 June 2021 (“the review period”), up 30 percent from the total of 487 SARs filed for the entire 2020 calendar year. The total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 was $590 million, which exceeds the value reported for the entirety of 2020 ($416 million). Trends represented in this report illustrate financial institutions’ identification and reporting of ransomware events and may not reflect the actual dates associated with ransomware incidents. FinCEN’s analysis of ransomware-related SARs highlights average ransomware payment amounts, top ransomware variants, and insights from FinCEN’s blockchain analysis.”
