Keeping Secrets? Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021

Keeping Secrets? Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021

Content Assessment: Keeping Secrets? Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021

Information – 95%

A short percentage-based assessment of the qualitative benefit of the post highlighting a recent financial trend analysis by the US Department of Treasury’s Financial Crimes Enforcement Network (FinCEN)

Editor’s Note: The Financial Crimes Enforcement Network (FinCEN) is a bureau of the U.S. Department of the Treasury. The Director of FinCEN is appointed by the Secretary of the Treasury and reports to the Treasury Under Secretary for Terrorism and Financial Intelligence. FinCEN’s mission is to safeguard the financial system from illicit use and combat money laundering and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities. FinCEN carries out its mission by receiving and maintaining financial transactions data; analyzing and disseminating that data for law enforcement purposes; and building global cooperation with counterpart organizations in other countries and with international bodies. The following report highlights a recent ransomware trend analysis.

Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021

On October 15, 2021, FinCEN issued a financial trend analysis on ransomware trends in Bank Secrecy Act reporting filed between January 2021 and June 2021. This report, issued pursuant to the Anti-Money Laundering Act of 2020, focuses on pattern and trend information pertaining to ransomware, in line with FinCEN’s issuance of government-wide priorities for anti-money laundering and countering the financing of terrorism policy.

Report Extract


Ransomware Filings in First Six Months of 2021 Exceed 2020 Total

The total U.S. dollar value for ransomware-related transactions reported in suspicious activity reports (SARs) filed during the review period exceeds that of any previous year since 2011. In the first six months of 2021, FinCEN identified $590 million in ransomware-related SARs, a 42 percent increase compared to a total of $416 million for all of 2020. If current trends continue, SARs filed in 2021 are projected to have a higher ransomware-related transaction value than SARs filed in the previous 10 years combined, which would represent a continuing trend of substantial increases in reported year-over-year ransomware activity. This trend potentially reflects the increasing overall prevalence of ransomware-related incidents as well as improved detection and reporting of incidents by covered financial institutions, which may also be related to increased awareness of reporting obligations pertaining to ransomware and willingness to report.

Report Scope and Methodology

FinCEN examined ransomware-related SARs filed between 1 January 2021 and 30 June 2021 to determine trends. The full data set consisted of 635 SARs reporting $590 million in suspicious activity. Of the 635 SARs filed during the review period, 458 report actual transactions that occurred during the review period worth $398 million. The remaining 177 SARs report transactions that occurred before 1 January 2021. FinCEN reviewed and verified each SAR to remove any suspicious activity amount unrelated to ransomware and to extract relevant indicators of compromise (IOCs). From this data, FinCEN identified the top 10 most common ransomware variants and analyzed their IOCs through commercially available analytics tools.

This analysis allowed FinCEN to chart the flow of ransomware payments in BTC to identify which CVC exchanges and services ransomware actors used to launder their proceeds. USD figures cited in this analysis are based on the value of BTC when the transactions occurred. FinCEN also compared data gathered for 2021 to SAR data gathered in previous years in order to track ransomware trends. This data set consisted of 2,184 SARs reflecting $1.56 billion in suspicious activity filed between 1 January 2011 and 30 June 2021.

See the complete report for financial analysis details and findings.

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

ComplexDiscovery is an online publication that highlights cyber, data and legal discovery insight and intelligence ranging from original research to aggregated news for use by business, information technology, and legal professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data and legal discovery organizations. Registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world, ComplexDiscovery OÜ operates virtually worldwide to deliver marketing consulting and services.

This content was originally published here.


Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top