Blockchain analytics firm Chainalysis has released a new report focused on the sharp growth in cryptocurrency extorted through ransomware attacks.
In Brief:
- Conti was the biggest ransomware strain by revenue in 2021, extorting at least $180 million from victims; Darkside came second.
- Ransomware attackers focus on carrying out highly-targeted attacks against large organizations.
According to the report, as of January 2022 Chainalysis had identified over $692 million in ransomware payments for 2020, more than double the initial estimate it published for that year twelve months earlier. For 2021 it has so far identified over $602 million in ransomware payments, a figure it expects to be an underestimate for the same reason: addresses tied to ransomware operators keep being identified long after the payments were made, so the total for a given year grows over time.
Who was the biggest ransomware strain in 2021?
The Russia-based group Conti was by far the most profitable ransomware strain last year. Conti operators extorted more than $180 million from their victims using a Ransomware-as-a-Service (RaaS) model, in which the core group runs the malware and payment infrastructure while affiliates carry out the intrusions for a share of the ransom.
Conti was active throughout 2021, whereas most ransomware strains come and go in waves, operating for a short period before going dormant. More often than not, a group that halts operations later resumes under a new name.
Darkside came in second place to Conti, extracting nearly $100 million in cryptocurrency value. Darkside is the group behind the May 2021 attack on Colonial Pipeline, for which it demanded a ransom in Bitcoin.
In 2021, 16% of all funds sent from ransomware operators' wallets went to tools and services that make their attacks more effective, such as penetration-testing tooling or web hosting that is harder to take down.
Ransomware attackers' focus on highly targeted attacks against large organizations is one reason ransom sizes have grown. This "big game hunting" strategy is made possible in part by the attackers' use of tools and services bought from third-party providers to increase the effectiveness of their intrusions.
The majority of ransomware strains have laundered their extorted funds by sending them to centralized exchanges, where the cryptocurrency can be cashed out.
Lastly, while most ransomware attacks are financially motivated, others appear to have geopolitical goals such as “deception, espionage, reputational damage, and disruption of the enemy government’s operations,” according to Chainalysis.
While cryptocurrency gives ransomware operators a convenient way to collect payment, the transparency of public blockchains works against them: every transaction is recorded on a public ledger, so investigators can follow the movement of funds from a ransom address through intermediate wallets to the exchange deposit addresses where they are cashed out.
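The two points above (funds being routed to centralized exchanges, and the public ledger making that flow traceable) can be illustrated with a small flow-tracing script. This is an added example written for this page, not code from the Chainalysis report or from any real tracing tool. The transactions, addresses, transaction IDs, amounts and exchange labels are all constructed for illustration; in practice the exchange attribution comes from address-clustering data. It uses the simple "haircut" taint model: every output of a transaction inherits the fraction of that transaction's input value that was ransom-derived.

```python
from collections import defaultdict

# Constructed, hypothetical transaction set (not real chain data). Each
# transaction spends the listed inputs (address, amount in BTC) and creates
# the listed outputs. Dict order is taken as chronological order.
TXS = {
    "tx1": {"inputs": [("victim_addr", 75.0)],
            "outputs": [("ransom_addr", 75.0)]},                    # ransom paid
    "tx2": {"inputs": [("ransom_addr", 75.0)],
            "outputs": [("hop_a", 50.0), ("hop_b", 25.0)]},          # split into two hops
    "tx3": {"inputs": [("hop_a", 50.0), ("clean_addr", 50.0)],       # commingled with untainted funds
            "outputs": [("exch_deposit_1", 60.0), ("hop_c", 40.0)]},
    "tx4": {"inputs": [("hop_b", 25.0)],
            "outputs": [("mixer_in", 25.0)]},                       # sent to an unlabelled service
    "tx5": {"inputs": [("hop_c", 40.0)],
            "outputs": [("exch_deposit_2", 40.0)]},
}

# Hypothetical attribution labels: deposit addresses known to belong to
# custodial exchanges (invented names; real labels come from clustering data).
EXCHANGE_DEPOSITS = {"exch_deposit_1": "ExchangeA", "exch_deposit_2": "ExchangeB"}


def trace_taint(txs, source, exchange_deposits):
    """Haircut taint propagation from `source`.

    Simplifying assumption (common in ransomware cash-out chains): each
    address receives once and is then fully spent, so a single tainted
    fraction per address is well defined.
    Returns (taint, parent, exposure):
      taint    - address -> fraction of its balance that is ransom-derived
      parent   - address -> (txid, upstream address) for path reconstruction
      exposure - exchange label -> tainted BTC deposited there
    """
    taint = {source: 1.0}
    parent = {}
    exposure = defaultdict(float)
    for txid, tx in txs.items():
        total_in = sum(amt for _, amt in tx["inputs"])
        tainted_in = sum(amt * taint.get(addr, 0.0) for addr, amt in tx["inputs"])
        if tainted_in == 0.0:
            continue  # no ransom-derived value flows through this transaction
        frac = tainted_in / total_in
        # For the path record, treat the input contributing the most tainted
        # value as the upstream hop.
        upstream = max(tx["inputs"], key=lambda i: i[1] * taint.get(i[0], 0.0))[0]
        for addr, amt in tx["outputs"]:
            taint[addr] = frac
            parent[addr] = (txid, upstream)
            if addr in exchange_deposits:
                exposure[exchange_deposits[addr]] += amt * frac
    return taint, parent, dict(exposure)


def path_to(parent, addr):
    """Walk parent pointers back to the source; returns [(txid, from, to), ...]."""
    hops = []
    while addr in parent:
        txid, up = parent[addr]
        hops.append((txid, up, addr))
        addr = up
    return list(reversed(hops))


if __name__ == "__main__":
    taint, parent, exposure = trace_taint(TXS, "ransom_addr", EXCHANGE_DEPOSITS)
    for exch, btc in exposure.items():
        print(f"{exch}: {btc:.2f} BTC of ransom-derived value deposited")
    for dep in EXCHANGE_DEPOSITS:
        chain = " -> ".join(f"{up} --{txid}--> {to}" for txid, up, to in path_to(parent, dep))
        print(f"path to {dep}: {chain}")
    print(f"unlabelled destination mixer_in holds taint fraction {taint['mixer_in']}")
```

Running it shows 30 BTC of ransom-derived value reaching ExchangeA and 20 BTC reaching ExchangeB, with the remaining 25 BTC stopping at an unlabelled address. The haircut model deliberately dilutes taint when tainted and clean inputs are co-spent (tx3), which is why an investigator cares about exchange deposit attribution: once funds reach a custodial exchange, a subpoena or compliance request can tie the deposit to an account holder regardless of how many hops preceded it.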
For years, North Korea has used cryptocurrency to evade economic sanctions, carrying out cyber-attacks built on phishing lures, code exploits and malware to fund Pyongyang's nuclear and ballistic missile programs.