The Financial Crimes Enforcement Network (FinCEN) of the US Treasury Department has discovered about $5.2 billion of Bitcoin transactions that are likely linked to the top 10 most often reported ransomware variants.
After reviewing 2,184 SARs (Suspicious Activity Reports) issued between January 1, 2011, and June 30, 2021, FinCEN discovered 177 CVC (convertible virtual currency) wallet addresses used for ransomware-related payments, totaling $1.56 billion in suspicious activity.
The blockchain examination of transactions associated with the 177 CVC wallets revealed that they were outbound BTC transactions that might have been related to ransomware payments.
According to FinCEN, their transactions were also connected to a total of $590 million uncovered by 458 transactions recorded and 635 SARs submitted by financial institutions between January 2021 – June 2021.
FinCEN said that according to information obtained from ransomware-related SARs, the median monthly suspect amount of ransomware transactions was $45 million, while the mean monthly suspicious amount was $66.4 million.
The most prevalent ransomware-related payment mechanism in recorded transactions, according to FinCEN, is bitcoin (BTC).
The total value of ransomware-related SARs recorded in the first half of 2021, $590 million, has already surpassed the $416 million reported for the entire year of 2020. In comparison to the 487 SARs recorded last year, there are now 635 SARs registered till June 2021.
Based on SARs submitted through June 2021, FinCEN found 68 active ransomware variants (the most often reported were REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos), as well as the top 10 ransomware with the most victims and highest requested ransoms.