article featured image


This is the result of the work of the Financial Crimes Enforcement Network (FinCEN) investigators, of the US Treasury Department.

As reported by BleepingComputer, after reviewing 2,184 SARs (Suspicious Activity Reports) issued between January 1, 2011, and June 30, 2021, FinCEN discovered 177 CVC (convertible virtual currency) wallet addresses used for ransomware-related payments, amounting to $1.56 billion in suspicious activity.

The ransomware-related transactions that have been reported in SARs during the review exceed that of any previous year before 2011.

In the first six months of 2021, FinCEN identified $590 million in ransomware-related SARs, a 42 percent increase compared to a total of $416 million for all of 2020.

If current trends continue, SARs filed in 2021 are projected to have a higher ransomware-related transaction value than SARs filed in the previous 10 years combined, which would represent a continuing trend of substantial increases in reported year-over-year ransomware activity.

The increasing prevalence of ransomware-related attacks is reflected in this potential trend. The incident rise rate may also be attributed to the improved detection and reported incidents. This may also be linked to increased awareness of reporting obligations related to ransomware and companies’ willingness to report the incidents.


Based on blockchain analysis of transactions linked to the 177 CVC wallets, FinCEN identified nearly $5.2 billion in outbound BTC transactions related to ransomware payments.

FinCEN associated these transactions with $590 million in reported transactions and 635 SARs submitted by financial institutions between January 2021 and June 2021.

According to data generated from ransomware-related SARs, the mean average total monthly suspicious amount of ransomware transactions was $66.4 million and the median average was $45 million.

FinCEN identified bitcoin (BTC) as the most common ransomware-related payment method in reported transactions.


The total value of ransomware-related SARs recorded in the first half of 2021, $590 million, has already surpassed the $416 million reported for the full year of 2020. In comparison to the 487 SARs recorded last year, there are now 635 SARs registered till June 2021.

The first half of 2021 recorded 590 million ransomware-related reported incidents. This value has already surpassed the value of ransoms reported in the entire 2020, which was 416 million dollars. The current SARs reported so far this year are 635 compared to 2020s 487 incidents overall.

FinCEN identified 68 current ransomware variants (the most often reported were REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos), as well as the top 10 ransomware with the most victims and highest requested ransoms, based on SARs submitted through June 2021.

Governments throughout the world have said that they will crackdown on bitcoin payment methods used by ransomware groups, prompting FinCEN’s Financial Trend Analysis report.

In response to persistent ransomware assaults targeting key global infrastructure, the White House National Security Council convened virtual Counter-Ransomware Initiative meetings last week, which resulted in the joint statement.

As previously reported, preventing ransomware organizations from abusing virtual assets on a worldwide scale would have a direct impact on their business model and the primary tool they employ to collect ransoms from their victims.

If you liked this article, you can follow us on LinkedInTwitterYouTubeFacebookand Instagram.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *