The US Financial Crimes Enforcement Network (FinCEN) recently revealed that Bitcoin is the most popular payment method among ransomware operators. This news alone would have been easy to guess – cryptocurrency and criminal activity go hand in hand like pancakes and syrup – but the extent of these payments was previously unknown. FinCEN said it believed $5.2 billion worth of Bitcoin transactions were related to ransomware.
The agency’s findings, which BleepingComputer reported on October 15, were published in a report titled “Ransomware Trends in Banking Secrecy Law Data January 2021 – June 2021”. The report describes the increasingly ubiquitous nature of ransomware attacks as well as the increasing amount that these attacks can earn their operators. Ransomware isn’t just having a moment; it is establishing a long reign.
FinCEN said its analysis of ransomware-related suspicious activity reports (SARs) filed in the first half of 2021 “indicates that ransomware is a growing threat to the US financial industry, businesses and the public.” The agency said 487 SARs were filed in 2020, but that number saw a 30% increase between January and June alone with a total of 635 SARs filed during that period.
This means that there are more SARs related to ransomware than ever before. Their value has also increased: “The total value of suspicious activity reported in ransomware-related SARs in the first six months of 2021 was $590 million,” FinCEN said, “which exceeds the reported value for the set of 2020 ($416 million).” The average transaction amount also rose from $100,000 to $102,273.
Thus, ransomware is becoming more common and slightly more expensive, which means that the main attackers can make more money than ever before, even though the FinCEN report only covered the first half of the year. Unless these attacks slow down – and continued efforts to disrupt the REvil hacker group might help in that regard – things likely won’t improve much in the second half of the year.
FinCEN said it has identified 177 convertible virtual currency (CVC) wallets as having connections to the 10 most common ransomware variants. Even as the harder-to-trace cryptocurrency Monero grows in popularity, Bitcoin remains the most widely used payment method for ransomware attacks.
“The wallets associated with the 10 variants examined sent BTC worth $5.2 billion to known entities, directly or indirectly, of which 51% to exchanges, 43% to other CVC services, 5% to darknet markets and 1% to mixing services,” said FinCEN. “These percentages identify transactions traced to known entities and may not represent the final withdrawal locations after funds have been concealed.”
All of this means that the $5.2 billion in transactions only describes the major ransomware variants. Only a small amount of these transactions (five percent) were used for illicit purchases in darknet markets. The vast majority have used chain hopping, decentralized exchanges, and mixing services to make the BTC more difficult to trace, so that converting it to other currencies would be less risky.
It’s no wonder then that US lawmakers and regulators have paid more attention to cryptocurrency in recent times. They have effectively taken a two-pronged approach to tackling ransomware: the first prong is stopping the attacks themselves, and the second prong makes it harder to make obscene sums of money from successful attacks, which means they have to target cryptocurrencies like Bitcoin.