Skip to content

Victims Paid $590 Million to Ransomware Hackers in First Half of 2020: Treasury

A Colonial Pipeline station is seen in Smyrna, Ga., on May 11, 2021. (Mike Stewart/AP Photo)

Victims of ransomware attacks paid hackers $590 million during the first six months of 2021, more than in all of 2020, according to an analysis of suspicious activity reports by the Treasury Department.

number and severity of ransomware attacks surged in 2021. Prominent incidents include the hacking of the Colonial Pipeline, which paid the hackers millions to unlock its systems. attack led to gasoline shortages on the East Coast.

“Other recent attacks have targeted various sectors, including manufacturing, legal, insurance, health care, energy, education, and the food supply chain in the United States and across the globe,” the Treasury report (pdf) states.

Treasury’s report is based on suspicious activity reports filed by banks and other financial institutions. department received 635 such reports during the first half of 2021, up from 458 reports in all of 2020.

Bitcoin was the most common method of ransomware payment, the report said.

most common ransomware variants used during that period include names that figured in some of the prominent attacks this year, including聽REvil/Sodinokibi and DarkSide.

$590 million figure is only a fraction of the total ransomware payouts in the United States and around the world. Treasury analyzed cryptocurrency wallets used for ransomware payments and found $5.2 billion in outgoing bitcoin transactions potentially linked to ransomware payouts.

Ransomware hackers are increasingly requesting payments in anonymity-enhanced cryptocurrencies, according to the report. y avoid reusing cryptocurrency wallets and are “using mixing services and decentralized exchanges to convert proceeds,” the report said.

Ransomware attacks encrypt the victims’ computer systems and hold them hostage with a demand for a hefty ransom. attackers have recently shifted from a high volume opportunistic approach to a more sophisticated strategy focusing on bigger targets.

“Some ransomware actors have diversified their revenue streams using a ransomware-as-a-service business model in which ransomware creators sell user-friendly ransomware kits on the Dark Web or outsource ransomware distribution to affiliates in exchange for a percentage of聽the ransom. This lowers the technical expertise needed to carry out an attack,” the Treasury report states.

pandemic-driven shift to remote work has made businesses more vulnerable to attacks. re has been a considerable uptick in attacks on medical businesses due to their propensity to pay ransom to unlock critical healthcare data amid the pandemic, according to the Treasury.

Pezou : Victims Paid $590 Million to Ransomware Hackers in First Half of 2020: Treasury