"FinCEN Releases New Report on Ransomware Trends," Blockchain Law Center
On October 15, 2021, the Financial Crimes Enforcement Network ("FinCEN") released an important report on "Ransomware Trends in Bank Secrecy Act Data Between 1/2021 - 6/2021." The report analyzes Suspicious Activity Report ("SAR") data related to ransomware attacks in order to spot trends and offer insights. Key takeaways include:
- "The number of ransomware-related SARs filed monthly has grown rapidly, with 635 SARs filed and 458 transactions reported between 1 January 2021 and 30 June 2021, up 30 percent from the total of 487 SARs filed for the entire 2020 calendar year. The total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 was $590 million, which exceeds the value reported for the entirety of 2020 ($416 million)."
- "Based on blockchain analysis of identifiable transactions with the 177 [convertible virtual currency ("CVC")] wallet addresses, FinCEN identified approximately $5.2 billion in outgoing BTC transactions potentially tied to ransomware payments."
- Ransomware actors are increasingly "requesting payments in Anonymity-enhanced Cryptocurrencies ("AECs") and avoiding reusing wallet addresses, 'chain hopping' and cashing out at centralized exchanges, and using mixing services and decentralized exchanges to convert proceeds."
- The vast majority of payment methods identified in the SARs was in Bitcoin ("BTC"). "[T]he SAR data only noted attackers requested BTC and XMR [Monero] as methods for ransomware-related payment during the observed timeframe." In some instances, the attacker provided both an XMR and a BTC address and imposed an extra fee if payment was made in BTC. In other instances, they exclusively requested payment in XMR but accepted payment in BTC after negotiations.
DISCLAIMER: This article was originally published by McGonigle PC prior to their combination with Davis Wright Tremaine LLP. The article is published here with permission.