Chainalysis’ mid-year report shows total crypto paid to ransomware addresses increased by 337% in 2020, with Russian-affiliated cybercriminals mostly responsible
Blockchain analytics firm Chainalysis published a preview of their mid-year report on Friday which examines the growth of crypto-related ransomware attacks. The report shows this to be the fastest-growing category of crypto-based crime.
The Crypto Crime Report published by Chainalysis in February this year showed that ransomware victims had paid almost $350 million in cryptocurrencies in 2020. However, further ransomware addresses have since been identified and the new report estimates the figure for 2020 to be over $406 million.
This means the value of crypto received in ransomware attacks in 2020 had increased by 337% since 2019. And the rise in ransomware attacks shows no signs of stopping. Already in 2021, ransomware addresses have received more than $81 million worth of cryptocurrencies. This, again, is considered a minimum and the figure will likely increase as more addresses are detected.
A factor driving the growth has been the emergence of new strains of ransomware, in addition to older strains taking larger sums. Many strains use the Ransomware as a Service (RaaS) model. This involves an attacker “renting” a strain of ransomware from its creators, who get a share of the ransom from successful attacks in return.
Although the number of different strains appears to represent a large ransomware ecosystem made up of distinct groups, blockchain analysis shows that many RaaS attackers migrate between strains, and some of the biggest strains may even have the same creators.
The size of ransom payments has also been on the rise in recent years. In the first quarter of 2018, the average payment was $1,000. A year later it had tripled to $3,000 and a year after that a further increase of 567% took it up to $20,000. In Q1 of 2021, the average payment had more than doubled again to $54,000.
The largest known payments to ransomware strains have likewise risen in that time. The figures were always below $6 million before 2020, but have all been above that value since, with the largest crypto ransom payment in Q1 2021 being worth $10 million.
The report also showed that the vast majority of proceeds from the most prolific ransomware strains went to Russian-affiliated cyber criminals, largely driven by Russia-based darknet market Hydra. This is something the US government is already taking seriously with the announcement of punitive measures against Moscow last month. However, tackling the issue will likely require the cooperation of firms throughout the crypto sector as well as further blockchain analysis.