A new report from the U.S. Treasury Financial Crimes Enforcement Network (FinCEN) finds that three-quarters of “ransomware-related incidents” tracked by FinCEN originated from or were connected to the Russian Federation during the second half of 2021.

The latest data from FinCEN builds on the Bank Secrecy Act (BSA) data and the findings from a similar FinCEN report issued in October 2021 that looked at the rise in ransomware attacks across American infrastructure since late 2020.

“This analysis, which is in response to the increase in number and severity of ransomware attacks against U.S. critical infrastructure since late 2020, addresses the extent to which a substantial number of ransomware attacks likely emanate from, or at a minimum are connected to, actors in Russia,” the report states.

According to the report, “of 793 ransomware-related incidents reported to FinCEN during the second half of 2021, 594, or roughly 75% pertained to Russia-related variants.”

FinCEN was able to attribute 49 different ransomware variants to Russia due to the use of Russian-language code which is “coded specifically not to attack targets in Russia or post-Soviet states,” the report says.

Total damages from some of these variants is estimated at $219 million FinCEN said.

The report’s recommendations to potential ransomware targets include:

  • Incorporate indicators of compromise (IOCs) from threat data sources into intrusion detection systems and security alert systems to enable active blocking or reporting of suspected malicious activity;
  • Contact law enforcement immediately regarding any identified activity related to ransomware, and contact Treasury’s Office of Foreign Assets Control (OFAC) if there is any reason to suspect the cyber actor demanding ransomware payment may be sanctioned or otherwise have a sanctions nexus;
  • Promptly report suspicious activity to FinCEN, highlighting the presence of “Cyber Event Indicators”; and
  • Review financial red flag indicators of ransomware in the “Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments” issued by FinCEN in November 2021.
Read More About
More Topics
Jose Rascon
Jose Rascon
Jose Rascon is a MeriTalk Staff Reporter covering the intersection of government and technology.