The world of cryptocurrency has been rocked by the revelation that $602 million in ransomware payments were made in 2021. This staggering figure, uncovered in the Ransomware Crypto Crime Report by Chainalysis, has sent shockwaves through the industry. Experts are now warning that the total amount paid to cybercrime groups in 2020, which stood at $692 million, may be surpassed this year.
One of the most alarming trends highlighted in the report is the significant increase in the average payment size over the years. In 2019, the average ransomware payment was $25,000, but by 2021, it had skyrocketed to $118,000. This surge can be attributed to the rise of targeted attacks on major organizations, a tactic known as “big-game hunting.” These high-profile attacks can yield threat actors tens of millions of dollars in a single breach.
A key factor enabling this big-game hunting strategy is the use of tools from third-party providers to make ransomware attacks more effective. The report noted that the usage of these services reached its highest levels in 2021, leading to an increase in the share of ransomware funds being transferred to third parties.
One group that emerged as a major player in the ransomware landscape in 2021 was Conti, which extorted at least $180 million from victims. However, the report highlighted that such groups have a short lifespan, rebranding frequently to evade sanctions and law enforcement scrutiny.
Chainalysis also discovered that the average lifespan of new ransomware variants is around two months. Despite an increase in the number of strains taking payments in 2021, the core group of ransomware developers may not be growing substantially.
By analyzing the cryptocurrency transaction histories of these groups, Chainalysis was able to identify connections between them. For example, Hades, WastedLocker, DoppelPaymer, Phoenix, and Macaw Locker were all found to have sent funds to the same group of intermediary wallets linked to Evil Corp.
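The linkage described above can be illustrated by clustering strains that pay into a common wallet. This is an added example, not Chainalysis's code or methodology; the transfers, wallet ids and the `UnrelatedStrain` label are constructed, and wallets known to be shared services are excluded so they do not create false links.

```python
from collections import defaultdict

# Constructed sample: (strain label, wallet that received its funds).
# Wallet ids are placeholders, not real addresses.
TRANSFERS = [
    ("Hades", "wallet_A"), ("WastedLocker", "wallet_A"),
    ("WastedLocker", "wallet_B"), ("DoppelPaymer", "wallet_B"),
    ("Phoenix", "wallet_C"), ("Macaw Locker", "wallet_C"),
    ("Macaw Locker", "wallet_A"),
    ("UnrelatedStrain", "wallet_Z"),    # hypothetical strain, no shared wallet
    ("Hades", "exchange_1"),            # large service used by many parties
    ("UnrelatedStrain", "exchange_1"),
]
KNOWN_SERVICES = frozenset({"exchange_1"})  # assumption: labelled beforehand


def shared_wallets(transfers, exclude=frozenset()):
    """Return {wallet: strains} for wallets funded by two or more strains."""
    by_wallet = defaultdict(set)
    for strain, wallet in transfers:
        if wallet not in exclude:
            by_wallet[wallet].add(strain)
    return {w: s for w, s in by_wallet.items() if len(s) > 1}


def link_strains(transfers, exclude=frozenset()):
    """Cluster strains connected, directly or transitively, by shared wallets."""
    parent = {strain: strain for strain, _ in transfers}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path compression
            x = parent[x]
        return x

    for strains in shared_wallets(transfers, exclude).values():
        first, *rest = sorted(strains)
        for other in rest:
            parent[find(other)] = find(first)

    clusters = defaultdict(set)
    for strain in parent:
        clusters[find(strain)].add(strain)
    return sorted((sorted(c) for c in clusters.values()), key=len, reverse=True)


if __name__ == "__main__":
    for cluster in link_strains(TRANSFERS, KNOWN_SERVICES):
        print(cluster)
```

Calling `link_strains(TRANSFERS)` without the exclusion set merges every strain into one cluster through `exchange_1`, which is why shared services have to be filtered before drawing conclusions about common control.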
The report also highlighted a potentially positive development in the fight against ransomware. It revealed that over half (56%) of the funds tracked in 2020 and 2021 were sent to just six cryptocurrency businesses. This concentration of funds could make it easier for law enforcement to disrupt the ransomware ecosystem by targeting these key players.
Another intriguing aspect of the ransomware market is the involvement of state-sponsored groups, who use attacks for geopolitical and financial purposes. Iran was identified as the leader in this state-sponsored activity, with 21 linked groups, followed by Russia, China, and North Korea.
Overall, the Ransomware Crypto Crime Report sheds light on the evolving landscape of ransomware attacks and provides valuable insights for combating this growing threat. By cracking down on key players in the cryptocurrency ecosystem and targeting state-sponsored actors, law enforcement agencies may be able to hinder the operations of ransomware organizations and reduce the financial incentives for carrying out these attacks.