Cybercrime has paid off thanks to ransomware, according to the latest chain analysis report released in January 2021. The study shows the development of ransom payments in cryptocurrency between 2016 and 2020. And the growth is remarkable. Between 2019 and 2020, money theft exploded by more than 311%. Ransomware sales are now $ 350 million.

A surprising number, but fewer perpetrators than you think

Ransomware attacks are still spreading today, such as the last cyber attack on the city of Angers in January or the various attacks on the European health system throughout the health crisis. However, as Chainalysis explains, the diversity of ransomware strains does not necessarily reflect growth in cybercriminal groups.

Some of the tribes already known in previous years continued their ascent in 2020. This is especially true for NetWalker Ransomware or even Dharma and Defray777. On the flip side, tribes like BitPaymer or SamSam, which have been known since 2016, have been replaced by new names that are now consuming a lot more money, like Ryuk, who tops the rankings and was previously unknown in the cybercriminal landscape.

If the spread of names creates the impression that separate groups are carrying out ransomware attacks, it is not necessarily the case. Ransomware is now becoming a service that less sophisticated affiliate hackers hire in exchange for part of the profit. “Many RaaS partners are migrating between tribes, suggesting that the ransomware ecosystem is smaller than meets the eye,” the report said. Similarly, some large types of ransomware can originate from the same creators and administrators. Cyber ​​criminals can then easily post similar strains under new names to cover their tracks.

80% of ransomware money laundering is concentrated in just 199 depot addresses

The analysis of cryptocurrency exchanges clearly shows that few players will hold more than 80% of the extorted funds in 2020. Additionally, Chainalysis notes that an even smaller group of just 25 deposit addresses alone will receive 46% of the funds. All of this shows how malicious operators keep getting better.

If the amounts stolen in the final quarter of 2020 seem to be falling, right now it cannot be said that 2021 will be the end of ransomware. Given user awareness and suspicion of digital ransom demands, cyber criminals are stepping up their efforts and ingenuity to amplify their malicious operations and make up for lost revenue.