FinCEN Analysis Reveals Ransomware Reporting in BSA Filings Increased Significantly During the Second Half of 2021

WASHINGTON—The Financial Crimes Enforcement Network (FinCEN) today issued its most recent Financial Trend Analysis of ransomware-related Bank Secrecy Act (BSA) filings for 2021, indicating that ransomware continued to pose a significant threat to U.S. critical infrastructure sectors, businesses, and the public. The report focuses on ransomware trends in BSA filings from July-December 2021, and addresses the extent to which a substantial number of ransomware attacks appear to be connected to actors in Russia.

“Today’s report reminds us that ransomware—including attacks perpetrated by Russian-linked actors— remain a serious threat to our national and economic security,” said FinCEN Acting Director Himamauli Das. “It also underscores the importance of BSA filings, which allow us to uncover trends and patterns in support of whole-of-government efforts to prevent and combat ransomware attacks. Financial institutions play a critical role in helping to protect the United States from ransomware-related threats simply by fulfilling their BSA compliance obligations.”

FinCEN issued today’s report pursuant to the Anti-Money Laundering Act of 2020 and in response to an increase in the number and severity of ransomware attacks against U.S. critical infrastructure since late 2020. Analysis covers pertinent ransomware activities for calendar year 2021, focuses on the second half of 2021, and builds on the BSA data underlying FinCEN’s October 2021 report. Among the most notable findings in the report:

FinCEN continues to leverage the full range of its information collection authorities to enhance transparency and combat ongoing threats from illicit cyber actors, in line with government-wide priorities for anti-money laundering and countering the financing of terrorism policy. Visit FinCEN’s website to view its significant efforts in the ransomware space. Visit CISA’s Stop Ransomware site for more information and resources on ransomware.