• Deborah

The Financial Crimes Enforcement Network (FinCEN) published its report on threat patterns and ransomware trends for the first half of 2021. Derived from the Suspicious Activity Reports (SARs) provided by financial institutions, the report shows the increasing threat of ransomware in the U.S. financial sector, business and the public.


Ransomware is explained in the report as “malicious software that encrypts a victim’s files and holds the data hostage until a ransom is paid”. Cyber criminals have adopted different approaches to targeting their ransomware victims, new methods to maximize ransomware payouts and novel ways to obfuscate their identities in the payment transactions.


The report provides insights into the changing preferred payment options. Bitcoin was the most common ransomware-related payment method however threat actors are increasingly requesting payments in Anonymity-enhanced Cryptocurrencies (AECs). Threat actors are also :


  • Avoiding reuse of wallets

  • Cashing out deposits at foreign centralized convertible virtual currency (CVC) exchanges with inadequate AML/CFT standards

  • Converting CVC in different CVC at least once before transferring funds to another platform or service, a practice referred to as “chain hopping”

  • Using mixing services to conceal the source of CVC

  • Converting ransomware-related payments to other types of CVCs through decentralized exchanges lacking account or custodial relationships


Overall, in the first half of 2021, the number of SARs reported exceeded those reported for the full year 2020 by 30% reaching 635 in total. In terms of total U.S. dollar value, ransomware-related SARs represented $590 million, a 42% increase compared to all of 2020.


These reports are related to sixty-eight ransomware variants, of which REvil/Sodinokobi, Conti, Darkside, Avaddon and Phobos were the most common.


FinCEN’s guidance for financial institutions on reporting ransomware-related incidents is available at https://www.fincen.gov/resources/advisoriesbulletinsfact-sheets.


Cybercrime, including cybersecurity and virtual currency considerations, is one of the U.S. national priorities for anti-money laundering and countering the financing of terrorism (see Ameis’ RegFacts news here).


Recent Posts

See All

22/09/2022 - Coming into force of certain requirements regarding the Québec’s Act respecting the protection of personal information in the private sector, introduced by Bill 64, including but limited