Federal advisories detail bitcoin payments to ransomware gangs, urgency of threat

In this photo illustration, a gold necklace, one-ounce silver bullion coins, visual representations of the digital cryptocurrency, Bitcoin are placed atop banknotes of Euro, Japanese Yen, Chinese Yuan, and a US dollar bill on February 20, 2021 in Katwijk, Netherlands. (Photo by Yuriko Nakao/Getty Images)

Share

Written by

Ransomware victims paid attackers at least $144.35 million in bitcoin between 2013 and 2019, according to a recent Federal Bureau of Investigation bulletin that likely fails to account for millions of dollars. 

The figure, published in a Feb. 4 advisory from the bureau, is based on the financial losses than ransomware victims reported to U.S. law enforcement over a six-year span in which digital extortion evolved from a rare corporate annoyance to a global black market. Victimized organizations often do not report ransomware payments to the FBI, and hackers in recent months have demanded tens of millions of dollars from breached firms. U.S. insurers similarly have tried to gather information about the frequency, size and severity of digital crime sprees. 

FBI officials publicized the figure as part of a National Cyber Investigative Joint Task Force fact sheet aimed at raising awareness about the ideal prevention and responses practices to ransomware. The federal government is “particularly concerned” about extortion attacks against police and fire departments, hospitals, critical infrastructure facilities, and state, local, tribal and territorial governments. 

“These types of attacks can delay first responders in responding to emergencies or prevent a hospital from accessing lifesaving equipment,” the fact sheet said. 

The FBI previously said U.S. victims reported $8.9 million in ransomware-related losses in 2019, up from $3.6 million in losses in 2018. 

That FBI fact sheet comes after the Department of Homeland Security’s Cybersecurity and Infrastructure Agency warned that hackers were deploying ransomware — most notably the Ryuk and Conti strains — against health care providers during the COVID-19 pandemic, thus forcing administrators to “balance this risk when determining their cybersecurity investments.”

Meanwhile, in October, the Treasury Department’s Office of Foreign Assets Control also warned that paying or helping to pay ransomware to any entity on its cyber sanctions list could incur civil penalties.

-In this Story-

bitcoin, FBI, ransomware, Ransomware Editorial Series 2021
TwitterFacebookLinkedInRedditGmail