In the Crypto Crime Report 2022, chain analysis takes stock of ransomware in 2021. The company estimates that over the past year, $692 million has been paid out in ransoms (including $602 million in cryptocurrencies).
Who are the hacker groups that generated the most revenue in 2021?
In his report, chain analysis shows that the average ransomware payout increased between 2020 and 2021. The average ransom amount increased from $88,000 to $118,000 in one year only. For the analyst firm, this is explained in particular by an increase in highly targeted attacks against large companies, such as the cyberattack against the Colonial Pipeline. In May 2021, the company that runs an oil pipeline from the Gulf Coast to New Jersey in the United States, reportedly paid $4.4 million to his captors.
Global banking institutions on high alert over Russian cyber threat
Amount of ransoms paid in cryptocurrency following ransomware. Source: Chainalysis
2021 has been a very intense year in the ransomware world. chain analysis is even convinced that he This is the most prolific year ever for hackers. While current figures suggest that 2020 has been a more intense year, experts point out that we have to wait a few more months for have an estimate as close as possible to reality. They explain that it is a “underestimated, and that the true total for 2021 will probably be much higher”.
The ransomware-as-a-service (RaaS) trend continues. Russian Conti hackers use this model. They allow their affiliates to launch attacks using a ransomware program, in exchange for compensation. Conti is precisely the largest hacker group in the world, in terms of revenue generated from ransomware in 2021. Other most active cybercriminal groups include REvil, Ryuk, DarkSide, Clop, Hive, Cuba or even Lockbit. Thanks to the extortion of the Colonial Pipeline, DarkSide takes second place in the rankings in 2021.
The hacker groups that generated the most revenue in 2021. Source: Chainalysis
Ransomware increasingly targets critical infrastructure
As specified chain analysisthe attack on the Colonial “reminds us of why ransomware attacks are so dangerous. They frequently target the critical infrastructure we need to run the country: not just energy providers, but also food providers, schools, hospitals, and financial services companies.”. This is how hackers manage to obtain enough ransoms ” easily “. Here is a graph that highlights the monthly income of the most active hacker groups:
The most active hacker groups throughout 2021. Source: Chainalysis
The Colonial Pipeline cyberattack ultimately turned into a success for US authorities. After paying $4.4 million to hackers, the Department of Justice managed to block $2.3 million of the ransom originally paid to DarkSide. Recently, the DOJ (Department of Justice) has set up a new team specializing in cryptocurrencies to deal with this kind of case. That’s why more and more companies are reporting cyberattacks. Even if you pay, law enforcement can help you recover the funds.