Victims paid $590 million to ransomware hackers in first half of 2021, Treasury says
Sectors victimized by attacks include manufacturing, legal, insurance, health care, energy, education, and the food supply chain
After a ransomware attack shut down the Colonial Pipeline jeopardizing much of the eastern seaboard’s access to 100 million gallons of oil a day being delivered from Texas and Louisiana, gas shortages occurred within days and hackers were paid millions of dollars to get the pipeline back up and running.
But that was only one incident of many, according to a recent U.S. Treasury Department’s Financial Crimes Enforcement Network analysis of suspicious activity reports (SARs).
In addition to Colonial Pipeline, other sectors impacted include manufacturing, legal, insurance, health care, energy, education, and the food supply chain in the U.S. and worldwide.
The department received 635 SARs during the first half of 2021, up from 458 in 2020.
All told, the U.S. victims of ransomware attacks paid hackers $590 million from January to July of 2021, more than all ransom payments made in 2020, the report states, with bitcoin as the primary method of payment.
Worldwide, more than $5.2 billion in bitcoin transactions were potentially linked to ransomware payouts, the Treasury found.
The average cost of reported ransomware payments per month in the U.S. in 2021 was $102.3 million. If the current trend continues, the number of SARs filed in 2021 “are projected to have a higher ransomware-related transaction value than SARs filed in the previous 10 years combined,” the Treasury projects.
The criminal organization that reportedly created the software used to hack Colonial Pipeline "set up a fake company to recruit potential employees," The Wall Street Journal reported.
The fake cybersecurity organization reportedly used the name Bastion Secure, believed to be run by the "well-known hacking group" Fin7, the Journal reported. Fin7 has reportedly attacked "hundreds of businesses, stolen more than 20 million customer records and written the software used in a hack that disrupted gasoline delivery in parts of the Southeastern U.S.”
Using anonymous-enhanced cryptocurrencies as well as “mixing services and decentralized exchanges to convert proceeds” is how they have been able to divert funds without being detected.
Andrew Lipow, CEO of Houston-based Lipow Oil Associates LLC, told The Center Square, “The anonymity of a digital currency has allowed ransomware attacks to flourish. If you can’t follow the money today, regulators need to either ban the digital currencies or implement regulations that enable the identification of people and accounts involved in these transactions – just like they would do for a real bank.”
Ransomware attacks are carried out using encrypted technology whereby a hacker breaks into a victim’s computer system and shuts down operations in order to “hold hostage” the victim unless they pay a ransom.
“Some ransomware actors have diversified their revenue streams using a ransomware-as-a-service business model in which ransomware creators sell user-friendly ransomware kits on the Dark Web or outsource ransomware distribution to affiliates in exchange for a percentage of the ransom. This lowers the technical expertise needed to carry out an attack,” the Treasury report states.
U.S. based cybersecurity companies filed most of the SARs; banks and cryptocurrency exchanges filed roughly one-third.
U.S. Sen. Elizabeth Warren, D-Conn., has warned against the dangers of an unregulated crypto market. In July, she urged Treasury Secretary Janet Yellen, and separately, the new SEC Chairman Gary Gensler, to look into ways to regulate it.
In her letter to Gensler, she said that from October 2020 to March 2021, nearly 7,000 people reported losses from cryptocurrency scams totaling $80 million.
"While demand for cryptocurrencies and the use of cryptocurrency exchanges have skyrocketed, the lack of common-sense regulations has left ordinary investors at the mercy of manipulators and fraudsters," Warren wrote. "These regulatory gaps endanger consumers and investors and undermine the safety of our financial markets. The SEC must use its full authority to address these risks, and Congress must also step up to close these regulatory gaps and ensure that every investor has access to a safe cryptocurrency marketplace."
Gensler replied that the U.S. needs “additional authorities to prevent transactions, products, and platforms from falling between regulatory cracks,” “more resources to protect investors in this growing and volatile sector,” and Congress should prioritize legislation to focus on crypto trading, lending and DeFi platforms.
In the Treasury Department’s recently proposed “The American Families Plan Tax Compliance Agenda,” it suggests that any Bitcoin transfer over $10,000 be reported to the Internal Revenue Service. Virtual currencies, which pose a “significant concern,” it states, “have grown to $2 trillion in market capitalization. Cryptocurrency already poses a significant detection problem by facilitating illegal activity broadly including tax evasion."
The crypto industry is currently worth more than $2 trillion. According to a report from Gemini, a cryptocurrency exchange, 14% of adult Americans, 21 million people, own cryptocurrency. In a survey conducted earlier this year, The Motley Fool found that roughly 50 million Americans were likely to buy crypto in the next year.
The White House has announced its interest in regulating the industry. The National Security Council and National Economic Council “are coordinating across the interagency to look at ways we can ensure that cryptocurrency and other digital assets are not used to prop up bad actors, including ransomware criminals,” a White House National Security Council spokeswoman said.
The U.S. Department of Justice also announced it was forming a National Cryptocurrency Enforcement Team to “to tackle complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors.”