A header image for our KYC News blog about FinCEN's new ransomware report.
KYC news

FinCEN’s ransomware report reveals analysis of SAR data

A new report from the Financial Crimes Enforcement Network, looking at suspicious activity reports from financial institutions, has revealed growth in ransomware attacks in 2021 - read below to discover more.

Author December 10th, 2021



Love this blog? Why not share it with the world?

A new report from the Financial Crimes Enforcement Network (FinCEN) has revealed a substantial increase in the prevalence of ransomware attacks in the first half of 2021.

Section 6206 of the Anti-Money Laundering Act (AMLA) of 2020 requires FinCEN to periodically publish analytical reports based on the suspicious activity reports (SARs) filed by financial institutions. The January 2021 to June 2021 edition of the report was the first issued by FinCEN under the agreement.  

Substantially more ransomware-related SARs filed in 2021

The report found that the number of ransomware-related SARs filed monthly has grown rapidly, with 635 SARs filed and 458 transactions reported between 1 January 2021 and 30 June 2021. This is an increase of 30% from the total of 487 SARs filed for the entire 2020 calendar year.

The report also found that the total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 was $590 million. This exceeds the value reported for the entirety of 2020 ($416 million).

Overall, bitcoin was the most common ransomware-related payment method in reported transactions, but the use of anonymity-enhanced cryptocurrencies (AECs) is also rising. However, privacy coin Monero was noted in only 17 SARs, and cryptocurrency mixers were only reported in approximately 1% of ransomware transactions.

In addition to this, the report also found that:

  • 68 ransomware variants were reported in the SAR data, with the most common variants including REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos
  • Wallets associated with the 10 variants examined by the report sent BTC valued at $5.2 billion to known entities, either directly or indirectly
  • A handful of digital forensics and incident response (DFIR) firms accounted for 63% of SARs filed in the first-half of 2021
  • Victims typically communicated with the threat actors via The Onion Router (Tor), encrypted email, non-encrypted email, and unidentified web portals provided by the attackers

Common money laundering typologies attributed to ransomware variants

By analyzing ransomware-related SARs, conducting blockchain analysis, and leveraging industry observations, FinCEN identified at least six money laundering typologies that were common among ransomware variants in 2021. These were:

  1. Threat actors are increasingly requesting payment in AECs
  2. Threat actors are avoiding reusing wallet addresses
  3. Centralized convertible virtual currency (CVC) exchanges have become preferred cash-out points
  4. ‘Chain hopping’ is used to obfuscate financial trails on blockchains
  5. Mixing services are prevalent in 2021
  6. Decentralized exchanges are likely used to convert illicit proceeds

Fight financial crime with Veriff

Over the past year, the issue of ransomware has continued to draw significant attention from enforcement agencies, law makers, and political appointees. As a result, the pressure is now mounting on regulators and law enforcement agencies to take meaningful enforcement action against businesses and service providers that do not comply with recent AML/CFT legislation.

Thankfully, our AI-powered identity verification and KYC solution will help you prevent fraud, guarantee compliance, increase conversions and ensure that you always know who your customers are.

With our identity verification platform, you can welcome honest customers and lock out fraudsters. Our platform is easy to integrate and gives you compliance in a couple of clicks. To learn more, talk to us today.

Stay up to date on Veriff news, product updates, and more

Veriff will only use the information you provide to share blog updates. You can unsubscribe any time. For more details, check out our privacy policy.

Related articles

Feds charge two 20-year-olds in alleged NFT money laundering scheme

KYC news

Feds charge two 20-year-olds in alleged NFT money laundering scheme

The ice-cream-themed NFTs involved in the scheme were known as ‘Frosties’. Early investors were promised future giveaways, access to future releases, and a metaverse game built around the brand. However, prosecutors allege that Ethan Nguyen and Andre Llacuna executed a ‘rug pull’ in January.

Hackers stole more than $600 million in crypto – but they’re struggling to launder it

KYC news

Hackers stole more than $600 million in crypto – but they’re struggling to launder it

The thieves are struggling to exchange the dirty cryptocurrency for cleaner funds. After all, governments around the world have ramped up law-enforcement efforts to seize stolen funds and bolstered money-laundering regulations for crypto exchanges. Such efforts make transferring the funds to exchanges difficult. 

NFTs: Money laundering and wash trading on the rise

KYC news

NFTs: Money laundering and wash trading on the rise

The company analyzed NFT sales to self-financed addresses and found that several NFT sellers have conducted hundreds of ‘wash trades’. These trades involve the seller being on both sides of the transaction, and they’re used to paint a misleading picture of an NFT’s value and liquidity.