In the first six months of this year (2021) alone, people and organizations in the United States paid out $590 million in extortion payments to ransomware hackers, according to a new report released by the U.S. Department of the Treasury.
Ransomware works by taking control of a victim’s computer, or even the entire systems of a private organization, through a type of computer virus. The attackers then extort a fee in exchange for returning control of the affected computers to their owners.
Last year, Israeli firms were hit by the Pay2Key ransomware. Check Point was able to track Pay2Key back to its source, which turned out to be Iran.
Ransomware is such a threat that Israeli firms that protect against it have been making huge exits. For example, last month Akamai Technologies acquired Tel Aviv-based cybersecurity startup Guardicore for $600 million. Guardicore has created a platform for proactively preventing ransomware and other intrusions through the use of impenetrable secure cells (network micro-segmentation), real-time threat detection, and response.
The Treasury Department cited data collected by the Financial Crimes Enforcement Network (FinCEN), which shows the increasing threat ransomware posed to the U.S. financial sector, businesses, and the public during the first half of 2021. Treasury said that its actions underscore the need for a collaborative approach to counter ransomware attacks, including public-private partnerships and close relationships with international partners.
“Ransomware actors are criminals who are enabled by gaps in compliance regimes across the global virtual currency ecosystem,” said Deputy Secretary of the Treasury Wally Adeyemo. “Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity.”
FinCEN identified 68 different ransomware variants reported in SAR data for transactions occurring between January 1, 2021 and June 30, 2021. The most commonly reported variants were REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos.
Cryptocurrencies are also making such attacks more prevalent, as their use provides an opening for hackers to hit systems. “The growing prevalence of virtual currency as a payment method brings greater exposure to sanctions risks—like the risk that a sanctioned person or a person in a sanctioned jurisdiction might be involved in a virtual currency transaction,” said the report. “Accordingly, the virtual currency industry plays an increasingly critical role in preventing sanctioned persons from exploiting virtual currencies.”