[TheRecord] US Treasury said it tied $5.2 billion in BTC transactions to ransomware payments

The financial crimes investigation unit of the US Treasury Department, also known as FinCEN, said today it identified approximately $5.2 billion in outgoing Bitcoin transactions potentially tied to ransomware payments.

FinCEN officials said the figure was compiled by analyzing 2,184 Suspicious Activity Reports (SARs) filed by US financial institutions over the last decade, between January 1, 2011, and June 30, 2021.

While the initial SAR reports highlighted $1.56 billion in suspicious activity, a subsequent FinCEN investigation of the Top 10 most common ransomware variants exposed additional transactions, amounting to around $5.2 billion from these groups alone.

$590 million in ransomware payments in H1 2021

But while the FinCEN report included some historical data on past ransomware attacks, most of the organization’s investigation focused on the first half of 2021 and the analysis of recent trends.

According to FinCEN:

- Financial institutions filed 635 SARs in the first half of 2021 related to suspected ransomware activity.
- The SARs referenced 458 suspicious transactions amounting to $590 million.
- The H1 2021 figure exceeds the value reported for the entirety of 2020, which was $416 million, showing an uptick in ransomware activity.
- The average amount of reported ransomware transactions per month in 2021 was $102.3 million.
- Based on SARs data, FinCEN said it identified 68 different ransomware variants active in H1 2021.
- The most commonly reported variants in H1 2021 were REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos.

The report’s conclusion unequivocally points to a ramp-up in ransomware-related activities throughout 2021.

It also highlights several growing trends among ransomware money laundering operations, such as:

- Using anonymity-enhanced cryptocurrencies, such as Monero.
- Avoiding reusing wallet addresses to prevent security firms from easily identifying and tracking transactions.
- Using the “chain hopping” technique to exchange funds into other cryptocurrency variants.
- Cashing out at centralized exchanges.
- Using mixing services and decentralized exchanges to convert proceeds.

The FinCEN report comes as the US Treasury announced plans earlier today to sanction any virtual currency entity that helps ransomware gangs launder their proceeds.

The Treasury announcement also comes a day after the Biden administration concluded a two-day meeting with representatives from more than 30 countries where officials discussed ways to combat the ransomware epidemic.

One of the methods countries agreed on during the talks was to crack down on cryptocurrency exchanges that are currently turning a blind eye and helping ransomware gangs launder and cash out their profits.

If the US Treasury decides to go this route and impose new sanctions on cryptocurrency entities for helping ransomware gangs, it wouldn’t be the first time the agency has done so, as it already sanctioned Russian cryptocurrency exchange Suex last month for the same reason.

The post US Treasury said it tied $5.2 billion in BTC transactions to ransomware payments appeared first on The Record by Recorded Future.
