Nearly $1.2 billion in ransomware attack-related costs have been incurred by U.S. financial entities in 2021, which was almost 200% higher than in 2020, CyberScoop reports.
Four of the five leading ransomware variants identified in attacks against financial institutions in the U.S. were associated with Russia, a report from the U.S. Treasury Department's Financial Crimes Enforcement Network showed.
The findings may only represent the "tip of the iceberg," according to Emsisoft threat analyst Brett Callow.
"FinCENs rules only impose reporting requirements on U.S. financial institutions, meaning payments by victims or financial institutions outside the U.S. are not included. The report nonetheless provides an indication of the massive sums involved in the ransomware economy which, of course, is why the ransomware problem will be so hard to solve. The cybercriminals are motivated by the potential to earn millions," said Callow.
The report comes as international leaders part of the White House's two-day ransomware summit agreed to establish the International Counter Ransomware Task Force in an effort to curb ransomware operations.
Global cooperation has been noted by Deputy Secretary of the Treasury Wally Adeyemo to be crucial in thwarting ransomware.
US financial institutions’ ransomware losses exceed $1B
Nearly $1.2 billion in ransomware attack-related costs have been incurred by U.S. financial entities in 2021, which was almost 200% higher than in 2020, CyberScoop reports.
Almost 75% of all reported cyberinsurance claims during the first half of this year were attributed to business email compromise attacks, ransomware incidents, and fund transfer fraud, with average ransomware claim losses totaling $353,000.
Such a development comes months after National Public Data admitted the exposure of a database stolen from a December 2023 breach beginning in April, which was then followed by civil penalties being sought by over 20 states as well as potential fines from the Federal Trade Commission.
Investigation into the incident revealed the exfiltration of personal data from Casio and its affiliates' permanent and temporary employees, business partners, customers, and interviewed prospects for employment, as well as contracts with business partners.