A new report shows that organizations paid a staggering $5.2B in Bitcoin in 2021 H1 to cybercriminals. Additionally, ransomware transactions have doubled in 2021 compared to last year.
Billions In Ransomware Transactions
The U.S. Treasury Department said Friday that banks had reported nearly double the volume of suspected ransomware payments this year compared to 2020. The concerning findings further confirm the threat that is ransomware.
Transactions worth almost $600 million from the first half of 2021 were thought to be possible ransomware payments. That is over 40% more than the total for all of last year.
However, Treasury Department investigators hinted at a much higher amount after identifying approximately $5.2 billion in bitcoin transactions as possible payments to cybercrooks.
The report came right on the heels of more than 30 countries committing to taking coordinated action against ransomware attacks, including more rigorous regulations for the crypto sector and data sharing.
The White House has made fighting ransomware attacks a top priority, launching an interagency task force and, for the first time, sanctioning a cryptocurrency exchange that allegedly facilitated ransomware transactions. In addition, it issued new regulations for financial institutions and industries at risk.
Sanctions For Organizations That Pay The Ransom
The report came alongside new guidelines that urge organizations to strengthen their defenses and not to pay ransoms. Failing to abide by the new rules can result in penalties and other sanctions. U.S. officials warned that more sanctions are imminent. They also said that the private sector had failed so far to take the necessary precautions to defend against cyberthreats.
“Ransomware actors are criminals who are enabled by gaps in compliance regimes across the global virtual currency ecosystem,” Wally Adeyemo, deputy secretary of the Treasury, said in a statement accompanying the report. “Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity.”
The Treasury Department issued clear warnings to the private sector that it will hold organizations responsible if they don’t comply with obligations to block possible ransomware transactions.
Former Treasury Department sanctions official Eric Lorber said the cryptocurrency sector had finally been provided with important regulatory clarity.
“There are many companies who are operating in the virtual currency space who don’t really know what their obligations are, what Treasury expects of them,” said Mr. Lorber, now managing director at the risk-and-compliance consulting firm K2 Integrity.
The new guidelines tell companies that they must establish compliance systems that screen transactions and customers against blacklisted countries, such as Iran and North Korea, as well as sanctioned individuals, companies, and crypto wallets.
The Treasury Department’s Office of Foreign Assets Control also urged the cryptocurrency sector not to postpone implementing the new compliance procedures, so as to avoid exposing itself to “a wide variety of potential sanctions risks.”
The message, said Mr. Lorber, is, “If we see failure in this industry to do this, there will be significant consequences.”
Protect Your Company From Cyberthreats With ATTACK Simulator’s Security Awareness Training
Most ransomware attacks start with phishing emails.
To prevent such costly incidents from happening, implement security awareness training in your company.
Over one billion phishing emails are sent out each day, and many of them bypass security filters. Thus, you need to be able to rely on your employees to stay vigilant and spot phishing scams.
You can successfully defend your business partly by training your employees on cybersecurity matters and especially phishing attacks, and partly by adopting more rigorous security measures, such as implementing multi-factor authentication and user behavior analytics.
Researching the latest phishing trends and strategies and adequately training your employees can be a hassle, so leave it to professionals.
ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.