top of page
  • Writer's pictureDeborah

The Financial Crimes Enforcement Network (FinCEN) published its report on threat patterns and ransomware trends for the first half of 2021. Derived from the Suspicious Activity Reports (SARs) provided by financial institutions, the report shows the increasing threat of ransomware in the U.S. financial sector, business and the public.

Ransomware is explained in the report as “malicious software that encrypts a victim’s files and holds the data hostage until a ransom is paid”. Cyber criminals have adopted different approaches to targeting their ransomware victims, new methods to maximize ransomware payouts and novel ways to obfuscate their identities in the payment transactions.

The report provides insights into the changing preferred payment options. Bitcoin was the most common ransomware-related payment method however threat actors are increasingly requesting payments in Anonymity-enhanced Cryptocurrencies (AECs). Threat actors are also :

  • Avoiding reuse of wallets

  • Cashing out deposits at foreign centralized convertible virtual currency (CVC) exchanges with inadequate AML/CFT standards

  • Converting CVC in different CVC at least once before transferring funds to another platform or service, a practice referred to as “chain hopping”

  • Using mixing services to conceal the source of CVC

  • Converting ransomware-related payments to other types of CVCs through decentralized exchanges lacking account or custodial relationships

Overall, in the first half of 2021, the number of SARs reported exceeded those reported for the full year 2020 by 30% reaching 635 in total. In terms of total U.S. dollar value, ransomware-related SARs represented $590 million, a 42% increase compared to all of 2020.

These reports are related to sixty-eight ransomware variants, of which REvil/Sodinokobi, Conti, Darkside, Avaddon and Phobos were the most common.

FinCEN’s guidance for financial institutions on reporting ransomware-related incidents is available at

Cybercrime, including cybersecurity and virtual currency considerations, is one of the U.S. national priorities for anti-money laundering and countering the financing of terrorism (see Ameis’ RegFacts news here).

Recent Posts

See All

The Secured Overnight Financing Rate (SOFR) is a broad measure of the cost of borrowing cash overnight collateralized by Treasury securities. SOFR is the overnight interest rate for US dollar-denomina

13/06/2023 - Canadian Securities Administrators (CSA) SEDAR+ go-live date. All issuer filings, cease trade orders and disciplined list entries will be filed in SEDAR+ 16/06/2023 - OSFI consultation pe

On May 11, the Bank for International Settlements (BIS) published a Handbook on how central bank digital currencies (CBDCs) could work for offline payments, defined as a “transfer of value between dev

bottom of page