[TheRecord] US Treasury said it tied $5.2 billion in BTC transactions to ransomware payments

The financial crimes investigation unit of the US Treasury Department, also known as FinCEN, said today it identified approximately $5.2 billion in outgoing Bitcoin transactions potentially tied to ransomware payments.

FinCEN officials said the figure was compiled by analyzing 2,184 Suspicious Activity Reports (SARs) filed by US financial institutions over the last decade, between January 1, 2011, and June 30, 2021.

While the initial SAR reports highlighted $1.56 billion in suspicious activity, a subsequent FinCEN investigation of the Top 10 most common ransomware variants exposed additional transactions, amounting to around $5.2 billion just from these groups alone.

$590 million in ransomware payments in H1 2021

But while the FinCEN report included some historical data on past ransomware attacks, most of the organization’s investigation focused on the first half of 2021 and the analysis of recent trends.

According to FinCEN:

- Financial institutions filed 635 SARs in the first half of 2021 related to suspected ransomware activity.
- The SARs referenced 458 suspicious transactions amounting to $590 million.
- The H1 2021 figure exceeds the value reported for the entirety of 2020, which was $416 million, showing an uptick in ransomware activity.
- The average amount of reported ransomware transactions per month in 2021 was $102.3 million.
- Based on SARs data, FinCEN said it identified 68 different ransomware variants active in H1 2021.
- The most commonly reported variants in H1 2021 were REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos.

The report’s conclusion unequivocally points to a ramp-up in ransomware-related activities throughout 2021.

It also highlights several growing trends among ransomware money laundering operations, such as:

- Using anonymity-enhanced cryptocurrencies, such as Monero.
- Avoiding reusing wallet addresses to prevent security firms from easily identifying and tracking transactions.
- Using the “chain hopping” technique to exchange funds into other cryptocurrency variants.
- Cashing out at centralized exchanges.
- Using mixing services and decentralized exchanges to convert proceeds.

The FinCEN report comes as the US Treasury announced plans earlier today to sanction any virtual currency entity that helps ransomware gangs launder their proceeds.

The Treasury announcement also comes a day after the Biden administration concluded a two-day meeting with representatives from more than 30 countries where officials discussed ways to combat the ransomware epidemic.

One of the methods countries agreed on during the talks was to crack down on cryptocurrency exchanges that are currently turning a blind eye and helping ransomware gangs launder and cash out their profits.

If the US Treasury decides to go this route and impose new sanctions on cryptocurrency entities for helping ransomware gangs, it wouldn’t be the first time the agency has done so, as it already sanctioned Russian cryptocurrency exchange Suex last month for the same reason.

The post US Treasury said it tied $5.2 billion in BTC transactions to ransomware payments appeared first on The Record by Recorded Future.
