- The blockchain forensics firm has said that with continued identification of more events, 2021 numbers could eclipse the figures recorded in 2020
- The report also found that Russian-based Conti led in ransomware attacks last year
Chainalysis’ recently released report on crime in cryptocurrencies in 2021 has indicated that 2021 ransomware payments reached $602 million, a figure less than 2020’s. On average, the amount paid per ransomware event was $118,000, compared to $88,000 in 2020 and $25,000 the year before.
However, Chainalysis noted that the figure for 2020 (which has now been estimated to be $692 million) sat at $350 million at the time of publication of the previous report. However, other hacks events have since been identified hence the adjusted figure.
Therefore, the report insisted that 2021’s figure could grow to beat 2020’s figure as more discovery of ransomware addresses is done.
“Anecdotal evidence, plus the fact that ransomware revenue in the first half of 2021 exceeded that of the first half of 2020, suggests to us that 2021 will eventually be revealed to have been an even bigger year for ransomware,” the report stated.
Conti, whose participation was indirect, leads the way
Further details of the report revealed that Russian hacking group Conti was the biggest beneficiary of these hacks. Conti attackers bilked more than $180 million from their targets by using a ransomware-as-a-service (RaaS) strategy, implying that Conti furnished affiliated associates with ransomware software at a fee.
The report observed that the number of active ransomware strains had increased year over year from 119 in 2020 to 140 in 2021. This figure was 79 in 2019, evidence of massive growth in ransomware over the last two years.
It also pointed out that Conti was really the only strain that remained active all through the year, unlike the rest, which appear periodically.
“Conti was the one strain that remained consistently active for all of 2021 and, in fact, saw its share of all ransomware revenue grow throughout the year. Overall though, Conti’s staying power is increasingly outside the norm,” the report read.
Chainalysis additionally noted that a popular trend that emerged last year was that some strains were shutting down publicly only to relaunch with a different name. However, as the blockchain footprint of the money aligned with the prior organisation, the new entity would get exposed to authorities.
Another Russian group that has made it to the top of the charts is Darkseid, which infamously held the US Colonial Pipeline hostage for several days forcing it to shell out $5 million. The gang obtained up to $75 million via similar hacks throughout the year.
The analytics firm concluded that ransomware had become a tool in geopolitical disputes, with Iran touted as the perpetrator with the most suspected links to ransomware strains.