Department of Homeland Security investigators say they’ve thwarted hundreds of ransomware cyberattacks before they occurred and have seized billions of extorted crypto since 2021.

United States government agencies were the top targets, accounting for 21% of the disrupted hacks, more than any business sector, Mike Prado, the deputy assistant director of the Homeland Security Investigations (HSI) Cyber Crimes Center, told Bloomberg in an Oct. 4 report.

The division has disrupted 537 ransomware attacks since it was formed in 2021 and has traced and seized $4.3 billion worth of crypto, stolen through extortion payments, on exchanges and hackers’ devices.

Ransomware attacks often involve a scammer compromising and encrypting a user’s data, then asking for payment in return for the decryption key. Source: Akamai

According to Prado, HSI is taking a proactive approach to disrupting ransomware attacks by “keeping a finger on the pulse” of cybercrime and the constantly evolving tactics used by criminals.

Agents analyze internet traffic, look for signs of malicious activity, and monitor software vulnerabilities, which ransomware gangs could use to exploit an organization’s security. 

The goal is to discover when attacks are about to happen, in some cases before the breach occurs, and prevent it. 

As a result of these actions, Prado says there are several “groups that we have our eyes on,” with gangs outside of the US “continuously probing ways to obtain cryptocurrency.”

However, he said the approach can be a double-edged sword, as building a case against hackers whose attacks are blocked by HSI can be difficult.

If an attack does occur, Prado says HSI notifies government agencies, companies and other potential victims that an extortion event is imminent while also coordinating with agents across 235 field offices in the US, local police departments and other federal agencies.

Ransomware attacks on the rise 

In its Aug. 15 Crypto Crime Mid-year Update, Chainalysis found ransomware inflows have increased by 2% in 2024, from $449.1 million to $459.8 million. By the end of 2023, $1 billion in crypto ransomware payments were recorded.

At the same time, the maximum payment size surged 96% year over year from 2023 and 335% from 2022.


The blockchain analysis firm suggests the spike is likely due to scammers collecting larger payments from victims. Median ransom payments have spiked from under $200,000 in early 2023 up to $1.5 million by June 2024.

The largest ransomware payments have doubled in the last two years. Source: Chainalysis

In July, Chainalysis also clocked the most significant single ransomware payment ever recorded, with a ransomware group known as Dark Angels receiving a $75 million payment from a victim. 
