WASHINGTON—The volume of suspected ransomware payments flagged by U.S. banks has surged this year, on pace to nearly double last year’s, the Treasury Department said Friday, highlighting the scale of a problem that governments across the world have described as a critical national security threat.
Nearly $600 million in transactions were linked to possible ransomware payments in so-called Suspicious Activity Reports financial services firms filed to the U.S. government in the first six months of this year, according to a Treasury Department report. That is more than 40% more than the total for all of 2020.
In an indication the actual amount is much higher, Treasury Department investigators in the same time period identified about $5.2 billion in bitcoin transactions as potential ransomware payments, the report stated.
The report came a day after governments from more than 30 countries committed to coordinated action against ransomware attacks, including bolstering regulation of crypto markets and data sharing.
Over the last year, the growing scale, scope and severity of attacks by foreign hackers has brought to the fore the national security implications of ransomware, compromising interstate infrastructure, food supplies and health systems.
Amid warnings from top national security officials, the Biden White House has made combating ransomware attacks an administration priority, launching an interagency task force, sanctioning for the first time a cryptocurrency exchange that allegedly facilitated payments, issuing new regulations for financial firms and vulnerable industries, and convening this week’s international summit.
Friday’s report was accompanied by new guidance that urges companies to guard against attacks and avoid paying ransoms. Failure to abide by the guidance, issued by Treasury’s sanctions-regulatory division, the Office for Foreign Assets Control, risks penalties and other punitive actions. U.S. officials warn more sanctions will be forthcoming as it seeks to target the primary financing networks channeling ransomware payments.
Administration officials say the private sector has collectively failed so far to take sufficient steps to protect against attacks.
“Ransomware actors are criminals who are enabled by gaps in compliance regimes across the global virtual currency ecosystem,” Wally Adeyemo, deputy secretary of the Treasury, in a statement accompanying the report. “Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity.”
Treasury, in its new industry-specific guidance, issued some of its clearest warnings to the private sector that it will hold accountable firms that fail to comply with obligations to block transactions linked to individuals, crypto wallets and exchanges sanctioned for ransomware-linked activities.
Former Treasury Department sanctions official Eric Lorber said the advisory provides important regulatory clarity the crypto sector has been seeking from the government, as well as a warning to the industry.
“There are many companies who are operating in the virtual currency space who don’t really know what their obligations are, what Treasury expects of them,” said Mr. Lorber, now managing director at the risk-and-compliance consulting firm K2 Integrity.
The guidance tells companies that they need to have compliance systems in place that screen transactions and customers against blacklisted countries such as Iran and North Korea, as well as sanctioned individuals, companies and crypto wallets.
The Treasury Department’s Office of Foreign Assets Control also warned the cryptocurrency industry not to delay implementation of the new compliance procedures, lest they expose themselves to “a wide variety of potential sanctions risks.”
The message, said Mr. Lorber, is “‘If we see failure in this industry to do this, there will be significant consequences.’”
Write to Ian Talley at ian.talley@wsj.com
Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8