Ransomware attacks in financial institutions “increased significantly” in 2021 – and most are from Russia

A report released by FinCEN (the US Financial Crimes Enforcement Network) this week has revealed a significant uptick in the number of ransomware attacks reported by financial institutions in the second half of 2021, most of which are believed to be coming from Russia.  

The “significant increase” in attacks was discovered via mandatory BSA (US Bank Secrecy Act) suspicious activity report filings, which increased from 458 to 793 between the first and second halves of 2021. 

According to analysis of the data, almost 75% of the attacks could be attributed to Russian-linked actors, costing the US economy US$488m.  

“Today’s report reminds us that ransomware – including attacks perpetrated by Russian-linked actors – remains a serious threat to our national and economic security,” said FinCEN Acting Director Himamauli Das. “It also underscores the importance of BSA filings, which allow us to uncover trends and patterns in support of whole-of-government efforts to prevent and combat ransomware attacks. Financial institutions play a critical role in helping to protect the United States from ransomware-related threats simply by fulfilling their BSA compliance obligations.”

FinCEN says Russia-related ransomware variants accounted for “69% of ransomware incident value, 75% of ransomware-related incidents, and 58% of unique ransomware variants reported for incidents in the review period.” 

“While attribution of malware is difficult, these variants were identified in open source information as using Russian-language code, being coded specifically not to attack targets in Russia or post-Soviet states or as advertising primarily on Russian-language sites,” says the report. 

According to the report, every one of the top five highest grossing ransomware variants during this time were connected to Russia.

You can view the full FinCEN analysis here.