Criminals netted $1.3 billion in ransom payments from hacking victims in the past two years, reflecting a massive surge in cyber crime that has prompted a global effort to stop it, according to a new report from Chainalysis Inc.
The cryptocurrency-tracking firm said in an analysis published Thursday it observed a huge increase in ransom payments: $602 million in payments in 2021 and $692 million in 2020. The 2021 figure is expected to increase and surpass 2020 as additional information becomes available, according to the report.
By comparison, Chainalysis detected $152 million in payments in 2019 and $39 million in 2018.
Hacking victims often don’t disclose that they have experienced a breach or that they have paid a ransom in cryptocurrency to unlock their systems. The secrecy is one reason, experts say, that criminal groups often based in Russia and Eastern Europe continue to target businesses in the U.S.
The average payment totaled more than $118,000 in 2021, an increase from $88,000 in 2020 and $25,000 in 2019, the report said.
The U.S., the UK and Australia issued a joint alert Wednesday warning of an increased global threat from ransomware. Hackers have adopted advanced techniques, such as professionalized business models and sharing data about potential victims, officials said.
The Biden administration has rolled out a series of initiatives to bolster cyber defenses, both in government and in the private sector, after a series of devastating hacks last year, including ransomware attacks against the fuel transporter Colonial Pipeline Co. and the IT services firm Kaseya Ltd.
In October, the White House hosted representatives from 30 countries in an attempt to find ways to slow the number of breaches. Law enforcement agencies, meanwhile, have sought to deter hackers by arresting alleged ransomware operators throughout Europe.
Chainalysis researchers tracked payments in recent years in part by analyzing cryptocurrency wallets associated with suspected ransomware groups, including the gangs known as Conti, DarkSide and Evil Corp.
The Conti ransomware strain generated the most revenue in 2021, researchers said. Believed to be based in Russia, Conti reaped at least $180 million from victims, according to the report. Conti is one of numerous groups that uses the ransomware-as-a-service business model, where affiliates can purchase ransomware, use it to extort money and provide Conti with a share of the ransom.
The FBI and Cybersecurity and Infrastructure Security Agency issued an alert about Conti in September, noting more than 400 attacks, including intrusions that had impacted law enforcement and medical agencies.
DarkSide, the group behind the Colonial Pipeline attack, extorted the second-largest amount of money from victims last year, according to Chainalysis’ report. Colonial Pipeline said it paid $4.4 million to DarkSide. In June, the Department of Justice announced that it had retrieved $2.3 million of that amount.
The FBI has previously said that U.S. victims reported $29.1 million in ransomware losses in 2,474 complaints in 2020.