Threats

Federal advisories detail bitcoin payments to ransomware gangs, urgency of threat

Treasury recently warned that helping to pay ransomware to any entity on its cyber sanctions list could incur civil penalties.

By Jeff Stone

March 24, 2021

(Photo by Yuriko Nakao/Getty Images)

Ransomware victims paid attackers at least $144.35 million in bitcoin between 2013 and 2019, according to a recent Federal Bureau of Investigation bulletin that likely fails to account for millions of dollars.

The figure, published in a Feb. 4 advisory from the bureau, is based on the financial losses than ransomware victims reported to U.S. law enforcement over a six-year span in which digital extortion evolved from a rare corporate annoyance to a global black market. Victimized organizations often do not report ransomware payments to the FBI, and hackers in recent months have demanded tens of millions of dollars from breached firms. U.S. insurers similarly have tried to gather information about the frequency, size and severity of digital crime sprees.

FBI officials publicized the figure as part of a National Cyber Investigative Joint Task Force fact sheet aimed at raising awareness about the ideal prevention and responses practices to ransomware. The federal government is “particularly concerned” about extortion attacks against police and fire departments, hospitals, critical infrastructure facilities, and state, local, tribal and territorial governments.

“These types of attacks can delay first responders in responding to emergencies or prevent a hospital from accessing lifesaving equipment,” the fact sheet said.

The FBI previously said U.S. victims reported $8.9 million in ransomware-related losses in 2019, up from $3.6 million in losses in 2018.

That FBI fact sheet comes after the Department of Homeland Security’s Cybersecurity and Infrastructure Agency warned that hackers were deploying ransomware — most notably the Ryuk and Conti strains — against health care providers during the COVID-19 pandemic, thus forcing administrators to “balance this risk when determining their cybersecurity investments.”

Meanwhile, in October, the Treasury Department’s Office of Foreign Assets Control also warned that paying or helping to pay ransomware to any entity on its cyber sanctions list could incur civil penalties.

Federal advisories detail bitcoin payments to ransomware gangs, urgency of threat

More Like This

SEC’s breach disclosure rule raises concerns about tipping off hackers to flawed systems

Scammers target Cloudflare CEO with Silicon Valley Bank-themed spearphishing

Congress rails against UnitedHealth Group after ransomware attack

Top Stories

House passes bill to limit personal data purchases by law enforcement, intelligence agencies

Mandiant: Notorious Russian hacking unit linked to breach of Texas water facility

‘Large volume’ of data stolen from UN agency after ransomware attack

More Scoops

Notorious ransomware group claims responsibility for attacks roiling US pharmacies

FBI, British authorities seize infrastructure of LockBit ransomware group

Pentagon investigating theft of sensitive files by ransomware group

The FBI is adding more cyber-focused agents to U.S. embassies

FBI seizes ALPHV leak website. Hours later, ransomware gang claims it ‘unseized’ it

Ransomware gang broken up in Ukraine as a result of international operation

Ransomware groups rack up victims among corporate America

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics