What is ransomware?

Ransomware poses a prolific and grave threat to the U.S. economy, as demonstrated by the 2021 Colonial Pipeline incident, which showed the staggering impacts ransomware attacks can have on both businesses and households. In 2020, adjusted losses from ransomware reached $29.1 million, according to the FBI, up from $8.9 million in 2019. However, since victims rarely report ransomware payments to their financial institution or law enforcement, some estimates indicate that total losses may be closer to $350 million per year.

Ransomware is a type of malicious software (or malware) that prevents a business or individual from accessing computer files, systems or networks until a ransom is paid to restore normal operations. Ransomware is often delivered through phishing emails that appear to come from legitimate customers or contacts; these emails will contain links or attachments that, when clicked on, may take control of the user’s computer and potentially infect other files on the network.

These incidents can severely disrupt business processes and block access to critical data. Criminals use these disruptions and the threat of public disclosure to their advantage to demand payment from their victims, typically in the form of cryptocurrency. Cryptocurrency offers the advantage of anonymity while also making it easy for criminals to verify — using publicly available blockchain data — that a payment has been completed. Victims who decide to pay the demand are usually given instructions on how to restore normal operations; those who do not pay risk being permanently shut out of their systems or having their data exposed to the public.

While U.S.-based cryptocurrency firms are subject to anti-money laundering (AML) requirements, many ransomware operators are located outside U.S. jurisdiction and solicit payments through foreign firms whose host country does not enforce the same rigorous AML expectations.