In the first six months of 2021, the Financial Crimes Enforcement Network identified $590 million in ransomware-related Suspicious Activity Reports, a 42% increase compared to the 2020 total of $416 million. If current trends continue, FinCEN said, ransomware-related SARs submitted in 2021 are expected to have a higher transaction value than similar SARs filed in the previous 10 years combined.
The rise could reflect improved detection and reporting of incidents by covered financial institutions, FinCEN said, adding that the uptick in activity could also be related to increased awareness of reporting obligations about ransomware and willingness to report.
The median average payment amount for ransomware-related transactions in the first half of the year was $102,273, a slight increase from the same period last year. FinCEN noted that the vast majority of ransomware-related payments were for less than $250,000.
With ransomware payments often paid using a virtual currency, the Treasury Department’s Office of Foreign Assets Control today released guidance, with the FinCEN report, on how financial institutions can incorporate virtual currencies in their sanctions compliance programs. The guidance includes case studies, best practices, OFAC requirements as well as information about enforcement procedures.