Department of Homeland Security investigators have successfully prevented hundreds of ransomware cyberattacks and seized billions in extorted cryptocurrency since 2021. United States government agencies were the primary targets, accounting for 21% of the disrupted hacks, surpassing any business sector.
The division has disrupted 537 ransomware attacks since its inception in 2021 and has traced and seized $4.3 billion worth of cryptocurrency on exchanges and hackers’ devices, which was stolen through extortion payments. Ransomware attacks typically involve scammers compromising and encrypting a user’s data, then demanding payment in return for the decryption key.
The Homeland Security Investigations (HIS) is taking a proactive approach to disrupting ransomware attacks by closely monitoring cybercrime and the constantly evolving tactics used by criminals. Agents analyze internet traffic, look for signs of malicious activity, and monitor software vulnerabilities that ransomware gangs could exploit to breach an organization’s security.
The goal is to detect and prevent attacks before they occur. As a result of these efforts, there are several groups under surveillance, with gangs outside the US continuously seeking ways to obtain cryptocurrency. However, building a case against hackers whose attacks are blocked by HIS can be difficult.
If an attack does occur, HIS notifies government agencies, companies, and other potential victims of an imminent extortion event while coordinating with agents across 235 field offices in the US, local police departments, and other federal agencies. In its Crypto Crime Mid-year Update, Chainalysis reported that ransomware inflows have increased by 2% in 2024, from $449.1 million to $459.8 million.
By the end of 2023, $1 billion in crypto ransomware payments were recorded. The maximum payment size surged 96% year over year from 2023 and 335% from 2022. The blockchain analysis firm suggests that the spike is likely due to scammers collecting larger payments from victims. Median ransom payments have increased from under $200,000 in early 2023 to $1.5 million by June 2024.
In July, Chainalysis recorded the largest single ransomware payment ever, with a group known as Dark Angels receiving a $75 million payment from a victim..