Blockchain analysis company Chainalysis has published a mid-year update on ransomware in light of recent events surrounding the Colonial Pipeline.
Key findings include:
- Based on updated data, we’ve increased our lower bound estimate for funds stolen in ransomware attacks last year and are releasing a lower bound estimate for 2021 YTD. Known payments to ransomware attackers rose 337% from 2019 to 2020, when they reached over $400 million worth of cryptocurrency. Attackers show no signs of slowing down in 2021 and have already taken in more than $81 million from victims so far this year.
- The average ransom payment has increased significantly from an average of $12k in Q4 2019 to $54k in Q1 2021. We believe this is due in part to ransomware attackers more effectively targeting larger organizations with the help of illicit, third-party vendors who sell them hacking tools, stolen data, and other assets to carry out more successful attacks. We go into detail on this analysis on page 20 in the attached.
- More ransomware attacks appear to be carried out by cybercriminals in Russia and other Commonwealth of Independent States (CIS) countries. We compared the top ten most prolific ransomware strains in 2020 and 2021, and found that the share of funds extorted by ransomware strains associated with cybercriminals based in Russia or other CIS countries has grown this year. In 2020, roughly 86% of ransomware proceeds studied could be attributed to ransomware strains that are either associated with Evil Corp or are designed to avoid CIS countries. So far in 2021, that figure is at 92%, based on what we know now. We go into detail on this analysis on page 26.
- Based on data so far this year, payments to ransomware addresses that carry sanctions risk decreased to 3% of payments, down from our revised estimate of 13% in 2020.
The full report will also include a previously published NetWalker case study so folks who are unfamiliar with how RaaS works can see that, plus policy recommendations.
Source: Read Full Article