Ransomware crypto payments hit at least $602M last year: Chainalysis

Published at: Feb. 11, 2022

A new report estimates that ransomware payments tallied at least $602 million in 2021 — but the actual total could be much higher.

Blockchain analysis firm Chainalysis released new data on Feb. 10 about ransomware activity related to cryptocurrency in 2021. However, it stated that the total value is likely to end up surpassing the $692 million taken in 2020.

“In fact, despite these numbers, anecdotal evidence, plus the fact that ransomware revenue in the first half of 2021 exceeded that of the first half of 2020, suggests to us that 2021 will eventually be revealed to have been an even bigger year for ransomware.”

The average ransomware payment size reached a record high of $118,000 in 2021. This is a 26% increase from the average of $88,000 in 2020. Chainalysis attributes the larger average payment size to a “big game hunting” strategy, increasingly employed by ransomware strains, in which large organizations are targeted.

Last year also had the highest number of active ransomware strains of any year on record. At least 140 strains received crypto payments, which is 21 more than in 2020 and 61 more than in 2019.

Conti was the most active ransomware strain in 2021. It siphoned off nearly $200 million in value through cryptocurrency in 2021. Conti, thought to be based in Russia, is a ransomware syndicate that sells its program as a service to affiliates for a fee.

Darkside came in a distant second to Conti by extracting nearly $100 million in crypto value. Darkside is the organization that held the Colonial Pipeline hostage last year, and demanded ransom be paid in Bitcoin (BTC).

Although the report states that most ransomware strains come and go in waves, staying active for a short amount of time before becoming dormant, Conti was active throughout the entirety of 2021. More commonly, ransomware groups will halt operations then reopen under a new name.

The trend to rebrand caused the average strain in 2021 to last for only 60 days, which is 2.8 times lower than in 2020, when the average was 168 days.

Chainalysis concluded that while most ransomware attacks are financially motivated, others appear to have geopolitical goals focused on “deception, espionage, reputational damage and disruption of the enemy government’s operations.”

It pointed out that although there are benefits to utilizing cryptocurrency to execute ransomware attacks, the transparency of crypto transactions makes it easier for authorities to track the movement of funds. North Korea has repeatedly used crypto to circumvent economic sanctions for years.
