At least 40 ransomware strains conducted illicit activities during 2021. The attackers usually request Monero as payment to stop the attacks against their victims.

According to Chainalysis, USD 600 million or more in ransomware payments was recorded during 2021, an activity that is growing steadily and promises a further increase in the years to come.

The company explained in a blog post that the dollar amount attributable to these attacks, which are commonly labelled data kidnapping, might be higher than it was in 2021, when the figure was around USD 602 million. They believe that the years to come could be more critical.

The firm stated that, in 2021, Conti was a famous ransomware strain amongst hackers. According to the firm, this strain managed to extract at least USD 180 million from its victims.

DarkSide was another dangerous strain, both because of the amount of funds it extracted and because of its prominent role in the attack on the Colonial Pipeline. This attack was a well-known crime that took place during 2021, and many fuel shortages occurred in various regions of the United States of America.

For Chainalysis, that attack proves that ransomware is a dangerous tool that often targets vital infrastructure that helps keep a country and its economy running.

Strains of Ransomware and How they Receive Payments from the Victims

The firm highlights that, during 2021, many strains of ransomware received funds directly from the companies they chose as victims. The firm drew a comparison with 2020, when 119 ransomware strains were carrying out their activities, and 2019, when 79 were involved in attacks.

The entity also reports that ransomware payments in 2021 were USD 118,000, compared to USD 88,000 in 2020 and USD 25,000 in 2019. Record payments of up to USD 40 million were received by the Phoenix strain Cryptolocker.

Over the past year, 16% of the funds collected through attacks was used by the criminals to acquire more tools and services to improve their illicit activities. The firm also clarified that the majority of the funds obtained by the ransomware strains went directly to centralized exchanges like Binance.

They also aimed at high-risk exchanges; these exchanges have fewer restrictions, but they follow the rules and comply with the programs. The firm also highlights a relevant amount of funds that went to mixers and other addresses that are commonly related to other forms of shady and illicit activities.

Name Changing is a Clever Strategy Used by the Attackers to Perpetuate their Activity

Chainalysis pointed to the average activity of ransomware strains, noting that they usually carried out their activities for at least two months in 2021. The entity stated that ransomware attackers, right after publicly announcing that they were ceasing activities, came back shortly afterwards under a different name; all these events took place during the last year.

According to Chainalysis, ransomware is perhaps the most dynamic crime connected to cryptocurrencies. Between constant rebranding, building money laundering strategies, and using the current influence of geopolitics, the crime finds a way to hide from justice and keep perpetuating its deceiving activities.

By: Jenson Nuñez
