Ransomware crimes netted more than $1 billion last year
Victims of cybercrime shelled out a record $1.2 billion to have their data returned last year as ransomware attacks have grown in size and intensity, according to newly released federal data.
The Financial Crimes Enforcement Network, or FinCEN, reported that banks processed a billion-plus dollars last year in what were likely ransomware payments. That's more than double the amount of money from 2020, the report concluded. The top five highest-paid ransomware incidents all came from attackers who were connected to Russia, FinCEN said.
The report "reminds us that ransomware — including attacks perpetrated by Russian-linked actors — remains a serious threat to our national and economic security," Himamauli Das, FinCEN's acting director, said in a statement this week.
Ransomware is a type of computer hack where an attacker accesses someone's digital device and locks the owner out of their own files. After the lockout, the hacker contacts the owner and demands a payment before restoring access to the files. If there's no payment, the hacker threatens to keep the owner locked out or delete the files completely.
FinCEN, which started in 1990, is an arm of the U.S. Department of Treasury charged with tracking international money laundering, terrorist financing and other financial crimes.
FinCEN said hackers initially focused ransomware attacks on individuals, but have graduated to targeting large companies and demanding bigger payouts. Hackers in 2019 created a variation of ransomware attacks called double extortion, where they lock owners out of their files and then threaten to publish the data — which is often private or potentially embarrassing — if a payment isn't made.
Nearly double that of 2020
Indeed, 2021 had some of the biggest ransomware attacks on record aimed at large companies and nonprofits. A Russian hacking group attacked the Colonial Pipeline, one of the largest pipelines in the U.S., in May 2021. The company paid $4.3 million to retrieve its data, but federal authorities later recovered at least $2.3 million of the paid ransom. Hackers also attacked Planned Parenthood, Sinclair Broadcasting, Shutterfly and payroll processing company Kronos last year.
All told, organizations reported 1,489 ransomware attacks to FinCEN in 2021, a 188% increase from 2020, the agency said.
More recently, a ransomware attack last May marked the last straw for Lincoln College, a historically Black college in rural central Illinois that opened in 1865. The school gave hackers a $100,000 ransom, a payout that compounded financial troubles caused by plummeting enrollment in recent years. The 157-year-old institution shuttered in May.
Ransomware attacks have become more common with the rise in remote work and e-learning, with schools becoming particularly vulnerable.
The Biden administration brought together three dozen nations, the European Union and a slew of private-sector companies for a two-day summit this week looking at how best to combat the attacks.
President Biden earlier this year signed a new law that requires owners of factories, banks, nuclear reactors and other critical infrastructure operations to report when their computer systems are hit with ransomware. Reporting is currently optional for ransom victims, making it difficult to calculate the full impact of the crime.