Ransomware Operators Earned Over $350 Million in 2020
According to a study by the analytics company Chainalysis, ransomware operators received over $350,000,000 in ransom payments last year. This troubling statistic was compiled by tracking Bitcoin transactions linked to various ransomware attacks.
Although Chainalysis has one of the most comprehensive datasets on crypto-related crimes, the company emphasizes that this figure likely represents only the lower bound of what hackers actually βearned.β Many victims do not publicly report ransomware attacks or ransom payments, so the real profits of cybercriminals could be much higher than what researchers have identified.
Ransomware Attacks on the Rise
In 2020, ransomware attacks accounted for only 7% of all crypto-related crimes. However, the total amount paid in ransoms increased by 311% compared to 2019. Analysts explain this surge by noting that the number of ransomware strains continues to grow. The market has seen not only new threats whose operators demand enormous sums from affected companies, but also a sharp increase in activity and profits from several previously known ransomware groups.
Most Profitable Ransomware Groups
According to Chainalysis, the most profitable operations last year were carried out by hacker groups such as Ryuk, Maze (now inactive), Doppelpaymer, Netwalker (which authorities recently attempted to dismantle), Conti, and REvil (also known as Sodinokibi). Other ransomware strains like Snatch, Defray777 (RansomExx), and Dharma also brought in millions of dollars for their operators.
Ransomware-as-a-Service and Money Laundering
Based on information about how victims paid ransoms and how profits in the RaaS (Ransomware-as-a-Service) sector fluctuated, experts conclude that the overall ransomware scene involves far fewer criminals than previously thought. This is because cybercriminals frequently switch from one RaaS platform to another.
When it comes to laundering their earnings, hackers still rely on specialized mixing services. They then transfer cryptocurrency to both legitimate and well-known exchanges, as well as to high-risk services for conversion into fiat currency. The Chainalysis report states that 82% of all ransomware revenue in 2020 passed through just five exchange platforms. In theory, law enforcement could put pressure on these exchanges in the future, potentially disrupting the operations of many ransomware groups.