Bitcoin Most Demanded in Ransomware Payments According to FinCEN Report

2 mins
18 October 2021, 09:34 GMT+0000
Updated by Kyle Baird
18 October 2021, 09:34 GMT+0000
In Brief
  • The Financial Crimes Enforcement Network has released a report covering Ransomware trends from the first six months of 2021, with crypto being a predominant taking point.
  • Bitcoin was identified as the “most common” payment method which ransomware attackers demanded from their targets.
  • Approximately $5.2 billion in outgoing BTC transactions “potentially tied to ransomware payments” were identified between January and June 2021.
  • promo

On Oct 15, 2021, the Financial Crimes Enforcement Network (FinCEN) in the US released a report called ‘Financial Trend Analysis: Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021.’ This report contains some key insights into the relationship between cryptocurrency and ransomware-related financial crimes.

It appears that a large proportion of this report is specifically targeted at covering the role that cryptocurrencies play in the world of ransomware in 2021. In total, the organization claims to have “identified approximately $5.2 billion in outgoing BTC transactions potentially tied to ransomware payments” in the course of its research for the report.

According to the FinCEN report, over the first half of 2021 bitcoin has become “the most common ransomware-related payment method in reported transactions” and XMR (Monero) appears to be second.

The rising problem with crypto in ransomware

Indeed, the most prevalent ransomware variants listed by FinCEN include ‘REvil,’  a form of threat that has been well known for being used to extort its victims specifically for payments using the bitcoin cryptocurrency.

In the report, FinCEN specifically names the methods which these criminals are using to evade detection by regulatory and legal authorities. For example, the criminals behind ransomware are increasingly demanding payments using ‘Anonymity-enhanced cryptocurrencies’ (think Monero or DASH) when they attempt to extort their targets.

Many privacy cryptocurrencies are based on permissionless networks like Bitcoin. Unlike Bitcoin, they employ advanced encryption and cryptographic techniques to obscure additional details which could otherwise be used to identify address owners, their account balances, and potentially the amount of crypto associated with individual transactions associated with those addresses.

The report also mentions that ransomware attackers are using Tor to evade detection, as well as “avoiding reusing wallet addresses, ‘chain hopping’ and cashing out at centralized exchanges, and using mixing services and decentralized exchanges to convert proceeds.”

The freedom associated with cryptocurrencies like bitcoin is more commonly considered to be one of their benefits, but the flip side of this freedom is accessibility to financial criminals such as scammers and money launderers. While this isn’t an issue that affects the average user, it’s a huge sticking point for regulators and one argument on the side of CDBC advocates.


BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.