top of page
  • Writer's pictureDeborah

The Financial Crimes Enforcement Network (FinCEN) published its report on threat patterns and ransomware trends for the first half of 2021. Derived from the Suspicious Activity Reports (SARs) provided by financial institutions, the report shows the increasing threat of ransomware in the U.S. financial sector, business and the public.

Ransomware is explained in the report as “malicious software that encrypts a victim’s files and holds the data hostage until a ransom is paid”. Cyber criminals have adopted different approaches to targeting their ransomware victims, new methods to maximize ransomware payouts and novel ways to obfuscate their identities in the payment transactions.

The report provides insights into the changing preferred payment options. Bitcoin was the most common ransomware-related payment method however threat actors are increasingly requesting payments in Anonymity-enhanced Cryptocurrencies (AECs). Threat actors are also :

  • Avoiding reuse of wallets

  • Cashing out deposits at foreign centralized convertible virtual currency (CVC) exchanges with inadequate AML/CFT standards

  • Converting CVC in different CVC at least once before transferring funds to another platform or service, a practice referred to as “chain hopping”

  • Using mixing services to conceal the source of CVC

  • Converting ransomware-related payments to other types of CVCs through decentralized exchanges lacking account or custodial relationships

Overall, in the first half of 2021, the number of SARs reported exceeded those reported for the full year 2020 by 30% reaching 635 in total. In terms of total U.S. dollar value, ransomware-related SARs represented $590 million, a 42% increase compared to all of 2020.

These reports are related to sixty-eight ransomware variants, of which REvil/Sodinokobi, Conti, Darkside, Avaddon and Phobos were the most common.

FinCEN’s guidance for financial institutions on reporting ransomware-related incidents is available at

Cybercrime, including cybersecurity and virtual currency considerations, is one of the U.S. national priorities for anti-money laundering and countering the financing of terrorism (see Ameis’ RegFacts news here).

Recent Posts

See All

Product Corner - VAs : Quèsaco

Virtual Assets (VAs) or crypto assets refer to : “any digital representation of value that can be digitally traded, transferred or used for payment. It does not include digital representation of fiat

Upcoming Regulatory Deadlines to Watch

10 Aug 2023 - Deadline to submit comments to FCA Guidance Consultation (GC23/1) on crypto asset financial promotions. 5 Sep 2023 - Effective date of SEC Cybersecurity Risk Management, Strategy, Govern


bottom of page