Ransomware attackers have already siphoned tens of millions of dollars in crypto this year, according to the blockchain analytics firm Chainalysis.
In a new mid-year ransomware update, Chainalysis notes that the stolen amount of $81 million is likely to grow, even when only looking at the first five months of 2021.
“$81 million must be considered a floor for the time being, as the figure will almost certainly grow as we identify more ransomware addresses.”
Ransomware attacks took off in 2020, with victims paying a record-setting $406.34 million worth of cryptocurrency to attackers last year, a surge of over 337% from 2019 where the bad actors collected $92.94 million.
Chainalysis notes that ransomware attackers tend to move crypto they receive from victims to mainstream exchanges, exchanges with loose compliance standards, and mixers. Attackers also tend to “rent” the ransomware strains they use.
Explains the analytics firm,
“Many strains function on the RaaS model (Ransomware as a Service model), in which attackers known as affiliates ‘rent’ usage of a particular ransomware strain from its creators or administrators, who in exchange get a cut of the money from each successful attack affiliates carry out.
Many RaaS affiliates migrate between strains, suggesting that the ransomware ecosystem is smaller than one might think at first glance.”
Chainalysis also notes that most ransomware strains are affiliated with cybercriminal groups in Russia or Russian-speaking countries.
“Generally speaking, cybercriminals affiliated with Russia and other Russian-speaking countries in the Commonwealth of Independent States (CIS) — an intergovernmental organization of former Soviet countries — have been among the most prolific in the world. Russian-affiliated services received more cryptocurrency from illicit addresses than those in any other country, suggesting that Russian-affiliated cybercriminals were the year’s biggest financial beneficiaries of cryptocurrency-based crime. Much of this activity was driven by Hydra, a Russia-based darknet market, which in addition to drugs, sells stolen data that can be useful to ransomware attackers.”
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inboxFeatured Image: Shutterstock/sdecoret