Russia Linked to Nearly 75% of Late 2021 Ransomware Attacks, Per Analysis

The analyzed ransomware variants—from July to December 2021—amounted to millions of dollars in damages.

A new analysis from the Department of Justice’s Financial Crimes Enforcement Network reveals that Russian actors comprised roughly three-quarters of recorded ransomware incidents during the latter portion of 2021, contributing to the sharp uptick in ransomware attacks experienced over the course of 2021 versus 2020.

Building off of data collected from the Bank Secrecy Act and an earlier agency report, FinCEN officials attributed 594 of the ransomware-related activities recorded between July and December 2021 to Russia-linked actors, out of a cumulative 793 reported to the agency during that time frame. The total cost of incidents over that time period was $488 million. 

“Today’s report reminds us that ransomware—including attacks perpetrated by Russian-linked actors—remain a serious threat to our national and economic security,” said FinCEN Acting Director Himamauli Das. “It also underscores the importance of BSA filings, which allow us to uncover trends and patterns in support of whole-of-government efforts to prevent and combat ransomware attacks. Financial institutions play a critical role in helping to protect the United States from ransomware-related threats simply by fulfilling their BSA compliance obligations.”

Earlier in October, FinCEN issued a larger report showing that the amount of money lost to ransomware attacks increased from $527 million in 2020 to about $886 million over the course of 2021, representing a 68% increase in the cost of malicious cyberattacks.

Specifically, officials recorded 1,251 ransomware attacks in 2021, as opposed to just 602 incidents in 2020. 

This newer report focused on ransomware variants, or individual versions of ransomware, and how prevalent Russian actors were in the malware’s deployment. FinCEN authors reviewed 84 unique ransomware variants during the review period in 2021, and ultimately identified about 58% as being related to suspected Russian cyber actors. 

“While attribution of malware is difficult, these variants were identified in open source information as using Russian-language code, being coded specifically not to attack targets in Russia or post-Soviet states or as advertising primarily on Russian-language sites,” the report said. 

Further analysis revealed that four of the top five most costly ransomware incidents were linked to Russia. 

The report debuts as the U.S. participates in the second annual International Counter Ransomware Initiative Summit, joined by 36 other countries. Russia’s cyber presence will be a major talking point, as the nation’s invasion of Ukraine stirred geopolitical tensions and raised the potential for more Russian state-sponsored cyberattacks on the U.S. and its allies.