A Chainalysis report, ‘2021 Crypto Crime report’, found that 2020 was the year of the ransomware explosion.
A few numbers illustrate the issue well: in 2020, ransomware victims increased by 311% and the extorted cryptocurrencies amounted to 350 million dollars.
“No other category of cryptocurrency-based crime had a higher growth rate”.
And even that figure is an underestimate. The comparison with previous years is dramatic: in 2019, ransomware netted criminals less than $100 million.
Chainalysis counts 11 types of ransomware. Each of these threats grew exponentially in 2020 and extorted a large sum from their victims.
Cybercriminals have begun to operate according to the RaaS (ransomware-as-a-service) model: they ‘rent’ a particular ransomware strain from its creators, distribute it, collect the ransom, and pay a portion to the developer of the system.
Ransomware report: on the hunt for cybercriminals
According to the researchers, the number of malware creators may be very small:
“Many RaaS affiliates migrate between strains, suggesting that the ransomware ecosystem is smaller than one might think at first glance. In addition, many cybersecurity researchers believe that some of the biggest strains may even have the same creators and administrators, who publicly shutter operations before simply releasing a different, very similar strain under a new name”.
But what happens to the money extorted from the unfortunate victims? While in 2013 most of it was directed to mixing services, it now appears that the money is moving from the cybercriminals’ addresses to exchanges. According to Chainalysis, it is possible to trace the money back to the perpetrators via the exchanges and the addresses where the funds are deposited. The assumption is that the funds are still being directed to the same money laundering services.
However, the report notes:
- 5 exchanges receive 82% of ransomware proceeds;
- 199 addresses receive 80% of ransomware proceeds;
- 25 addresses receive 45% of ransomware proceeds.
These data support the hypothesis that the ‘ring’ of ransomware authors is quite tight.
When analyzing one particular address, the one with the largest ransomware revenue, experts noted that it does not only receive funds from illegal activities. The address has received as much as $63 million in Bitcoin since August, but only 10% of that can be traced back to criminal activity. Other addresses follow the same pattern.
The conclusion of Chainalysis is that with some willingness, these attacks can be stopped. How? By identifying the perpetrators:
“The data makes one thing clear: The ability to cash out ransomware proceeds is supported by the owners of a very small group of deposit addresses. By targeting those deposit addresses, cryptocurrency businesses and law enforcement can work together to reduce ransomware attackers’ ability to turn their profits into cash”.