United States Department of Homeland Security investigators say they’ve thwarted hundreds of ransomware cyberattacks, often before they occurred, and have seized billions of extorted crypto since 2021.
US agencies were the top targets, accounting for 21% of the disrupted hacks, more than any business sector, Mike Prado, the deputy assistant director of the Homeland Security Investigations (HSI) Cyber Crimes Center, told Bloomberg in an Oct. 4 report.
The division has disrupted 537 ransomware attacks since it was formed in 2021 and has traced and seized $4.3 billion worth of crypto from exchanges and hackers’ devices that had been stolen through extortion payments.
Ransomware attacks often involve a scammer compromising and encrypting a user’s data and then asking for payment in return for the decryption key. Source: Akamai
According to Prado, HSI is taking a proactive approach to disrupting ransomware attacks by “keeping a finger on the pulse” of cybercrime and the constantly evolving tactics used by criminals.
Agents analyze internet traffic, look for signs of malicious activity and monitor software vulnerabilities that ransomware gangs could use to exploit an organization’s security.
The goal is to discover when attacks are about to happen, in some cases before the breach occurs, and to prevent it.
As a result of these actions, Prado says there are several “groups that we have our eyes on,” with gangs outside of the US “continuously probing ways to obtain cryptocurrency.”
Still, he said the approach can be a double-edged sword, as building a case against hackers whose attacks are blocked by HSI can be difficult.
If an attack is imminent, Prado says HSI notifies government agencies, companies and other potential victims while coordinating with agents across 235 field offices in the US, local police departments and other federal agencies.
Ransomware attacks on the rise
In its Aug. 15 Crypto Crime Mid-year Update, Chainalysis found ransomware inflows have increased by 2% in 2024, from $449.1 million to $459.8 million. In 2023, $1 billion in crypto ransomware payments were recorded.
The maximum payment size has surged 96% from 2023 and 335% from 2022.
Related: Ransomware Attack Targets Victoria Beckham’s Personal Data
The blockchain analysis firm suggests scammers are collecting larger payments from victims. Median ransom payments spiked from under $200,000 in early 2023 to $1.5 million by June 2024.
Ransomware payments doubled in 2023 from 2022. Source: Chainalysis
In July, Chainalysis also clocked the most significant single ransomware payment ever recorded, with a group known as Dark Angels receiving a $75 million payment from a victim.