As crypto ransomware payments hit $602M in 2021, here’s how 2022 can be worse

As crypto ransomware payments hit $602M in 2021, here's how 2022 can be worse

One of the most common and serious cyber-attacks involves ransomware. These attacks have been increasing not only in number but also in severity. In the first half of 2020, average ransomware payments increased by 60%, with Bitcoin used for most payments. Blockchain analysis firm Chainalysis released new data on 10 February about ransomware activity related to cryptocurrency in 2021.

Ransomware strains

The report shed light on ransomware activity related to cryptocurrency in 2021. The graph below showed the total cryptocurrency value received by ransomware addresses between 2016 to 2021.

The report stated:

“Despite these numbers, anecdotal evidence, plus the fact that ransomware revenue in the first half of 2021 exceeded that of the first half of 2020. Suggests to us that 2021 will eventually be revealed to have been an even bigger year for ransomware.”

Conti was the biggest ransomware strain by revenue in 2021, extorting at least $180 million from victims. Conti, thought to be based in Russia, was a ransomware syndicate selling its program as a service to affiliates for a fee. Darkside followed at the second spot. It extracted nearly $100 million in crypto value.

The average ransomware payment size reached a record high of $118,000 in 2021. This marked a 26% increase from the average of $88,000 in 2020.

Here’s the interesting bit- most strains stayed active for a short amount of time before becoming dormant. Conti was active throughout the entirety of 2021. Such groups would halt operations then reopen under a new name.

One reason for the increase in ransom sizes was ransomware attackers’ focus on carrying out highly-targeted attacks against large organizations, thanks to the larger average payment size akin to a “big game hunting” strategy. Most attacks were financially motivated. Others focused on “deception, espionage, reputational damage and disruption of the enemy government’s operations.”