Once all of the data is sorted through, the total amount of value extracted through ransomware payments in 2021 is expected to exceed 2020 levels.
According to a new report, ransomware payments totaled at least $602 million in 2021, but the true figure could be much higher.
Chainalysis, a blockchain research firm, released new data on ransomware activity related to cryptocurrency in 2021 on Feb. 10. However, the total value is expected to exceed the $692 million taken in 2020, according to the report.
“In fact, despite these figures, anecdotal evidence, combined with the fact that ransomware revenue in the first half of 2021 exceeded that in the first half of 2020, leads us to believe that 2021 will be revealed to have been an even bigger year for ransomware.”
According to Chainalysis, 2021 will end up surpassing 2020.
In 2021, the average ransomware payment hit a new high of $118,000. This represents a 26% increase over the average payment of $88,000 in 2020. The larger average payment size, according to Chainalysis, is due to ransomware strains increasingly employing a “big game hunting” strategy in which large organizations are targeted for ransomware.
Last year also saw the most active ransomware strains on record, surpassing all previous years. At least 140 strains received cryptocurrency payments, up 21 from 2020 and 61 from 2019.
Conti was the most active ransomware strain in 2021, using cryptocurrency to siphon off nearly $200 million in value. Conti is a ransomware syndicate based in Russia that sells its program as a service to affiliates for a fee.
Darkside came in second place to Conti, with nearly $100 million in crypto value extracted. Darkside is the group that held Colonial Pipeline to ransom last year and demanded that the ransom be paid in Bitcoin (BTC).
Conti was active for the entire year of 2021, despite the fact that most ransomware strains come and go in waves, staying active for a short time before becoming dormant, according to the report. Ransomware groups frequently shut down operations before reopening under a new name.
The rebranding trend resulted in the average strain lasting only 60 days in 2021, 2.8 times less than in 2020, when it lasted 168 days.
While most ransomware attacks appear to be financially motivated, others appear to have geopolitical goals such as “deception, espionage, reputational damage, and disruption of the enemy government’s operations,” according to Chainalysis.
Although there are advantages to using cryptocurrency to carry out ransomware attacks, the transparency of crypto transactions makes it easier for authorities to track the movement of funds, according to the report. For years, North Korea has used cryptocurrency to get around economic sanctions.