Crypto ransomware payments hit at least $602 million in 2021 – Report

A new report by Chainalysis, a blockchain analysis platform that provides data, software, services, and research to government agencies, exchanges, financial institutions and cybersecurity in over 60 countries, estimates that ransomware payments in the year 2021 hit at least $602 million. It adds that the actual total could be much higher.

Chainalysis released new data yesterday about ransomware activity related to cryptocurrency in 2021. In the report, looking at its 2020 figures, the firm initially reported $350 million stolen at the beginning of 2021 but explained that it had to update its figures throughout the year due to, “both underreporting by ransomware victims and our continuing identification of ransomware addresses that have received previous victim payments.”

Although the firm is reporting $602 million as the total ransomware payments for 2021, there is a high chance that this figure will be updated further upwards over the course of the year and also a high probability that it will surpass that of 2020 which now stands at $692 million.

Also adding to the thesis that the figure will eventually surpass 2020’s, the report stated, “In fact, despite these numbers, anecdotal evidence, plus the fact that ransomware revenue in the first half of 2021 exceeded that of the first half of 2020, suggests to us that 2021 will eventually be revealed to have been an even bigger year for ransomware.”

The report reveals that Conti, a hacker syndicate that is believed to be operating out of Russia and operates using the ransomware-as-a-service (RaaS) model, was the biggest ransomware strain by revenue in 2021, extorting at least $180 million from victims. This is followed by Darkside and Phoenix Cryptolocker, who have both extorted at least $80 million and $55 million respectively.

DarkSide is another notable hacker syndicate that is known for its role in the attack on oil pipeline giant, Colonial Pipeline. This represented one of the year’s most notable ransomware attacks. The attack caused fuel shortages in some areas, which were exacerbated by subsequent panic buying as word of the attack’s impact spread.

However, the Colonial Pipeline attack also turned into a success story, as the U.S. Department of Justice (DoJ) was able to track and seize $2.3 million of the ransom that Colonial paid to DarkSide. This shows that enforcement’s ability to seize payments after they’re made represents a huge step forward in the fight against ransomware.

The report also states that at least 140 ransomware strains received payments from victims in 2021, compared to 119 in 2020, and 79 in 2019. These numbers speak to the intense growth of ransomware we’ve seen over the last two years. Most ransomware strains come and go in waves, staying active for a short amount of time before becoming dormant.

The average ransomware payment size was over $118,000 in 2021, up from $88,000 in 2020 and $25,000 in 2019. The largest payment on record is the $40 million received by Phoenix Cryptolocker, is the major catalyst that brought about this all-time high in average payment size. The reports the major reason for this uptick to the ransomware attackers’ focus on carrying out highly-targeted attacks against large organizations.

Chainalysis concluded that while most ransomware attacks are financially motivated, others appear to have geopolitical goals focused on “deception, espionage, reputational damage and disruption of the enemy government’s operations.”

It pointed out that although there are benefits to utilizing cryptocurrency to execute ransomware attacks, the transparency of crypto transactions makes it easier for authorities to track the movement of funds.