Russian hackers account for most 2021 ransomware schemes, US says

Out of 793 ransomware incidents reported in the second half of 2021, 75% "had a nexus to Russia, its proxies, or persons acting on its behalf."

 A Russian flag is seen on the laptop screen in front of a computer screen on which cyber code is displayed, in this illustration picture taken March 2, 2018. (photo credit: REUTERS/KACPER PEMPEL/ILLUSTRATION/FILE PHOTO)
A Russian flag is seen on the laptop screen in front of a computer screen on which cyber code is displayed, in this illustration picture taken March 2, 2018.
(photo credit: REUTERS/KACPER PEMPEL/ILLUSTRATION/FILE PHOTO)

Payment-seeking software made by Russian hackers was used in three quarters of all the ransomware schemes reported to a US financial crime agency in the second half of 2021, a Treasury Department analysis released on Tuesday showed.

In analysis issued in response to the increase in number and severity of ransomware attacks against critical infrastructure in the United States since late 2020, the US Financial Crimes Enforcement Network (FinCEN) said it had received 1,489 ransomware-related filings worth nearly $1.2 billion in 2021, a 188% jump from the year before.

Out of 793 ransomware incidents reported to FinCEN in the second half of 2021, 75% "had a nexus to Russia, its proxies, or persons acting on its behalf," the report said.

Washington's meeting on ransomware and cybercrime

Washington is this week hosting a meeting with officials from 36 countries and the European Union, as well as 13 global companies to address the growing threat of ransomware and other cybercrime, including the illicit use of cryptocurrencies.

 EVEN AFTER THE Cyberserve/Atraf disaster, Bennett is more afraid of overregulation than he is of lacking the power to save the private sector from its own occasional cyber laziness or cheapness. (credit: KACPER PEMPEL/ILLUSTRATION PHOTO/REUTERS) EVEN AFTER THE Cyberserve/Atraf disaster, Bennett is more afraid of overregulation than he is of lacking the power to save the private sector from its own occasional cyber laziness or cheapness. (credit: KACPER PEMPEL/ILLUSTRATION PHOTO/REUTERS)

"We may approach the challenge of ransomware with a different lens - and in some cases, an entirely different set of tools - but we are all here because we know that ransomware remains a critical threat to victims across the globe and continues to be profitable for bad actors," Deputy Treasury Secretary Wally Adeyemo told the officials.

Ransom software works by encrypting victims' data, with hackers offering the victim a key in return for cryptocurrency payments that can run as high as millions of dollars.

A US Treasury official on Tuesday said the department last month repelled cyberattacks by a pro-Russian hacker group, preventing disruption, an example he said of the department's stronger approach to financial system cybersecurity.