Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Ransomware Payments Up 70% in 2021: The Good, Bad and Ugly of Last Year

May 24, 2022

The Washington Post reported (gift article) that ransomware victims paid over $600 million in ransom payments in 2021 according to the firm Chainalysis, a 70 percent increase over 2020. And there’s been limited progress on some big goals, such as making it harder to covertly transfer ransoms using cryptocurrency.

“Ransomware continues to hammer on health care, continues to hammer on education and continues to hammer on industry — and these [hackers], in many different ways, continue to act with impunity,” Philip Reiner, a co-chair of the Ransomware Task Force and CEO of the Institute for Security and Technology (IST), said.

There is a long way to go in the fight against ransomware. Data suggests ransomware attacks have held steady or are increasing and many of the most common victims, including schools and small businesses, are no better protected than they were a year ago.

On the positive side, the Ransomware Task Force reports that Justice Department prosecutors have ramped up legal charges against ransomware hackers and operations to get back cryptocurrency paid as ransoms. The department recovered more than $8 million connected to ransoms from attacks on Colonial Pipeline and the IT service firm Kaseya.

The United States and international allies have come together on counter-ransomware initiatives, including calling on Russia to stop providing a safe haven for ransomware hackers.

Congress has greatly increased funding for counter-ransomware work at the Cybersecurity and Infrastructure Security Agency (CISA) and elsewhere in government.

The task force will focus on some big priorities in the coming year.

One project focuses on making it easier for small and medium businesses to get up-to-date information about cyberthreats — and to share information about threats they’re facing with the government.

Government efforts so far have mainly focused on larger businesses and those on sectors deemed critical for national security.

Congress recently passed a law mandating that companies in critical sectors share information about significant breaches with the government. The task force is seeking to leverage the implementation of that law to increase voluntary cyberthreat information sharing among a larger group of businesses.

Other ongoing projects are aimed at making it tougher for ransomware hackers to demand and receive ransoms using cryptocurrency and examining cyber insurance changes that would make ransomware attacks less successful.

The task force anticipates there will be other attacks beside ransomware – though right now, ransomware is a very major focus. What’s next? I think that’s anyone’s guess right now.

Sharon D. Nelson, Esq., PresidentSensei Enterprises, Inc.
3975 University Drive, Suite 225Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson